registry  /  jonggrang  /  0.13.4

jonggrang@0.13.4

Deterministic AI orchestration platform — 16-phase workflow engine for autonomous software development

AI Security Review

scanned 3d ago · by lpm-firewall-ai

No confirmed malicious attack surface is established. The package is an AI orchestration developer tool with powerful user-invoked project setup, local dashboard, hooks, Docker, git, and secret-management features.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs jonggrang CLI commands such as init, web, work, agent, or uses the local dashboard
Impact
Can modify the selected project and configure agent hooks/secrets by user action, but no install-time execution, credential theft, persistence, or unsolicited exfiltration was found
Mechanism
user-invoked AI orchestration and project scaffolding
Rationale
The risky primitives are consistent with a local AI orchestration platform and are activated by explicit CLI/dashboard use, not by npm install or import-time execution. I found no concrete exfiltration, hidden remote payload loading, destructive persistence, or unconsented lifecycle mutation of another agent control surface.
Evidence
package.jsonbin/jonggrang.jslib/hooks.jshooks/opencode/plugin.jshooks/claude/settings.jsonapis/secrets/index.jsserver.jsclient/dist/assets/SettingsView-Cb0DZfeW.jsAGENTS.mdCLAUDE.md.claude/settings.json.opencode/plugins/jonggrang.js.jonggrang/extensions/jonggrang.tshooks/
Network endpoints3
gitlab.com/api/v4127.0.0.1localhost

Decision evidence

public snapshot
AI called this Clean at 84.0% confidence as Benign with low false-positive risk.
Evidence for block
  • bin/jonggrang.js user-invoked init writes AGENTS.md, CLAUDE.md, .claude/.opencode/.jonggrang scaffolding and hooks
  • lib/hooks.js installs Claude/OpenCode/Pi hooks into the target project when init is run
  • server.js exposes a local dashboard/API and can be configured to manage secrets, SSH keys, Docker, and agent runs
Evidence against
  • package.json has no npm preinstall/install/postinstall lifecycle hooks
  • bin/jonggrang.js is a declared CLI entrypoint; package-manager installs occur only in user-invoked web/client setup paths
  • Agent hook writes are package-aligned project scaffolding, not lifecycle-triggered foreign control-surface mutation
  • hooks/opencode/plugin.js blocks or sanitizes sensitive file/secret access rather than harvesting it
  • apis/secrets/index.js stores user-supplied secrets in local webState; no exfiltration endpoint found
  • client/dist SettingsView secret hit is UI placeholder text for private keys/tokens, not an embedded secret
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 92 file(s), 2.53 MB of source, external domains: 127.0.0.1, api.github.com, github.com, gitlab.com, opencode.ai, socket.io, www.w3.org

Source & flagged code

14 flagged · loading source
client/dist/assets/SettingsView-Cb0DZfeW.jsView file
164patternName = private_key_openssh severity = critical line = 164 matchedText = In order...----
Critical
Critical Secret

Package contains a critical-looking secret pattern.

client/dist/assets/SettingsView-Cb0DZfeW.jsView on unpkg · L164
164patternName = private_key_openssh severity = critical line = 164 matchedText = In order...----
Critical
Secret Pattern

OpenSSH private key in client/dist/assets/SettingsView-Cb0DZfeW.js

client/dist/assets/SettingsView-Cb0DZfeW.jsView on unpkg · L164
apis/projects/orchestration-run.jsView file
16const { Router } = require('express'); L17: const { spawn, execFile, execFileSync } = require('child_process'); L18: const path = require('path');
High
Child Process

Package source references child process execution.

apis/projects/orchestration-run.jsView on unpkg · L16
lib/jonggrang.jsView file
1661const result = require('child_process').spawnSync(testCmd, { L1662: shell: true, L1663: cwd: projectRoot,
High
Shell

Package source references shell execution.

lib/jonggrang.jsView on unpkg · L1661
apis/secrets/index.jsView file
2L3: const { Router } = require('express'); L4:
Medium
Dynamic Require

Package source references dynamic require/import behavior.

apis/secrets/index.jsView on unpkg · L2
lib/bot-reviewer/index.jsView file
1'use strict'; L2:
Low
Weak Crypto

Package source references weak cryptographic algorithms.

lib/bot-reviewer/index.jsView on unpkg · L1
hooks/pi/jonggrang-extension.tsView file
17const fs = require("fs") as typeof import("fs"); L18: const { execSync, execFileSync } = require("child_process") as typeof import("child_process"); L19: ... L36: /\bcredentials\b/i, /\.pfx$/i, /\.p12$/i, /\.crt$/i, /\.cer$/i, L37: /\.pkcs12$/i, /\.jks$/i, /\.keystore$/i, /(^|\/)\.ssh\//i, /authorized_keys/i, L38: ]; ... L65: .filter(Boolean); L66: const READERS = "(?:cat|head|tail|less|more|xxd|od|hexdump|strings|awk|sed|cp|mv|tar|zip|base64|openssl|grep|rg|fgrep|egrep|nl|tac|view|vim|vi|nano|emacs|code|subl)"; L67: const SECRETPATH = "(credentials|\\.pem(\\s|$)|\\.key(\\s|$)|id_rsa|id_ed25519|id_ecdsa|id_ed25519_sk|id_ecdsa_sk|id_dsa|identity|ssh_host_.*_key|\\.ssh/|\\.aws/credentials|authori... ... L85: .replace(/(aws_access_key_id\s*=\s*)\S+/gi, "$1<REDACTED>") L86: .replace(/-----BEGIN [A-Z ]*(PRIVATE|CERTIFICATE|EC|OPENSSH) KEY-----/g, "-----BEGIN <REDACTED>-----") L87: .replace(/(eyJ[A-Za-z0-9_-]{4,}\.[A-Za-z0-9_-]+\.)[A-Za-z0-9_-]+/g, "$1<REDACTED>")
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

hooks/pi/jonggrang-extension.tsView on unpkg · L17
bin/jonggrang.jsView file
matchType = previous_version_dangerous_delta matchedPackage = jonggrang@0.12.7 matchedIdentity = npm:am9uZ2dyYW5n:0.12.7 similarity = 0.946 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

bin/jonggrang.jsView on unpkg
9Detached bundled service listener: bin/jonggrang.js spawns server.js; helper exposes a broad-bound HTTP listener. L9: const path = require('path'); L10: const { spawn, spawnSync, execSync } = require('child_process'); L11: const readline = require('readline'); ... L24: function resolveJonggrangHome() { L25: if (process.env.JONGGRANG_HOME) return process.env.JONGGRANG_HOME; L26: L27: const candidates = [ L28: path.resolve(__dirname, '..'), L29: path.resolve(__dirname, '..', '..'), ... L55: L56: const JONGGRANG_VERSION = require('../package.json').version; L57:
High
Spawned Bundled Service Listener

Source launches a detached bundled service that exposes a broad-bound HTTP listener.

bin/jonggrang.jsView on unpkg · L9
2658try { L2659: execSync('npm install --production', { cwd: WEB_DIR, stdio: 'inherit' }); L2660: } catch {
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

bin/jonggrang.jsView on unpkg · L2658
hooks/claude/secret-final-check.shView file
path = hooks/claude/secret-final-check.sh kind = build_helper sizeBytes = 1567 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

hooks/claude/secret-final-check.shView on unpkg
client/dist/assets/primeicons-C6QP2o4f.woff2View file
path = client/dist/assets/primeicons-C6QP2o4f.woff2 kind = high_entropy_blob sizeBytes = 35148 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

client/dist/assets/primeicons-C6QP2o4f.woff2View on unpkg
skills/library/testing/unit-testing-patterns/SKILL.mdView file
17patternName = generic_password severity = medium line = 17 matchedText = const dt...' };
Medium
Secret Pattern

Hardcoded password in skills/library/testing/unit-testing-patterns/SKILL.md

skills/library/testing/unit-testing-patterns/SKILL.mdView on unpkg · L17
client/dist/assets/ProjectSettingsView-DT4KtWe6.jsView file
1patternName = private_key_openssh severity = critical line = 1 matchedText = import{A...----
Critical
Secret Pattern

OpenSSH private key in client/dist/assets/ProjectSettingsView-DT4KtWe6.js

client/dist/assets/ProjectSettingsView-DT4KtWe6.jsView on unpkg · L1

Findings

4 Critical5 High7 Medium6 Low
CriticalCritical Secretclient/dist/assets/SettingsView-Cb0DZfeW.js
CriticalPrevious Version Dangerous Deltabin/jonggrang.js
CriticalSecret Patternclient/dist/assets/SettingsView-Cb0DZfeW.js
CriticalSecret Patternclient/dist/assets/ProjectSettingsView-DT4KtWe6.js
HighChild Processapis/projects/orchestration-run.js
HighShelllib/jonggrang.js
HighSpawned Bundled Service Listenerbin/jonggrang.js
HighRuntime Package Installbin/jonggrang.js
HighShips High Entropy Blobclient/dist/assets/primeicons-C6QP2o4f.woff2
MediumDynamic Requireapis/secrets/index.js
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencehooks/pi/jonggrang-extension.ts
MediumShips Build Helperhooks/claude/secret-final-check.sh
MediumStructural Risk Force Deep Review
MediumSecret Patternskills/library/testing/unit-testing-patterns/SKILL.md
LowScripts Present
LowWeak Cryptolib/bot-reviewer/index.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings