registry  /  jonggrang  /  0.14.8

jonggrang@0.14.8

Deterministic AI orchestration platform — 16-phase workflow engine for autonomous software development

AI Security Review

scanned 3h ago · by lpm-firewall-ai

No confirmed malicious attack surface was established by source inspection. The package is an AI development orchestrator with user-invoked CLI/web workflows that can manage local project state, hooks, worktrees, and agent processes.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
Explicit user commands such as `jonggrang init`, `jonggrang web`, work/orchestration actions, or web UI actions.
Impact
User-authorized project files, worktrees, and first-party agent configs may be created or modified as part of the tool workflow; no install-time hijack or exfiltration was found.
Mechanism
local developer-tool orchestration with optional first-party agent hook setup
Rationale
Scanner findings map to expected functionality for an AI orchestration developer tool: subprocesses, local config/hook setup, and GitHub/GitLab API access are user-invoked and package-aligned. There is no npm lifecycle execution, credential harvesting/exfiltration, remote payload staging, or unconsented install-time mutation of a foreign/broad agent control surface.
Evidence
package.jsonbin/jonggrang.jsserver.jslib/hooks.jsapis/secrets/index.jsapis/projects/orchestration-run.jslib/issue-providers.jslib/web-runners.js.jonggrangAGENTS.mdCLAUDE.md.claude/settings.json.opencode.codexhooks
Network endpoints4
api.github.comgitlab.com/api/v4fonts.googleapis.comfonts.gstatic.com

Decision evidence

public snapshot
AI called this Clean at 88.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • Hook library writes .claude/settings.json and provides .opencode/.codex/.jonggrang hook mappings when user initializes/uses the tool.
  • CLI web command can run npm install/build only when user invokes `jonggrang web` and bundled deps/build are missing.
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle scripts.
  • bin/jonggrang.js is a user-invoked CLI; install commands are dependency repair/build steps under package/client dirs, not automatic install-time execution.
  • server.js binds local dashboard to 127.0.0.1 by default with trusted-origin checks and serves packaged client assets.
  • apis/secrets/index.js stores user-submitted secrets in local webState and does not exfiltrate them.
  • Network use is package-aligned: GitHub/GitLab issue APIs and user-configured SSH/git operations for developer workflow.
  • child_process usage launches declared tools (git, docker, ssh, node, opencode, claude) for orchestration; no remote payload download/execution found.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 92 file(s), 2.56 MB of source, external domains: 127.0.0.1, api.github.com, github.com, gitlab.com, opencode.ai, socket.io, www.w3.org

Source & flagged code

14 flagged · loading source
client/dist/assets/SettingsView-B1MTq8v-.jsView file
164patternName = private_key_openssh severity = critical line = 164 matchedText = In order...----
Critical
Critical Secret

Package contains a critical-looking secret pattern.

client/dist/assets/SettingsView-B1MTq8v-.jsView on unpkg · L164
164patternName = private_key_openssh severity = critical line = 164 matchedText = In order...----
Critical
Secret Pattern

OpenSSH private key in client/dist/assets/SettingsView-B1MTq8v-.js

client/dist/assets/SettingsView-B1MTq8v-.jsView on unpkg · L164
apis/projects/orchestration-run.jsView file
16const { Router } = require('express'); L17: const { spawn, execFile, execFileSync } = require('child_process'); L18: const path = require('path');
High
Child Process

Package source references child process execution.

apis/projects/orchestration-run.jsView on unpkg · L16
lib/jonggrang.jsView file
1784const result = require('child_process').spawnSync(testCmd, { L1785: shell: true, L1786: cwd: projectRoot,
High
Shell

Package source references shell execution.

lib/jonggrang.jsView on unpkg · L1784
apis/secrets/index.jsView file
2L3: const { Router } = require('express'); L4:
Medium
Dynamic Require

Package source references dynamic require/import behavior.

apis/secrets/index.jsView on unpkg · L2
lib/bot-reviewer/index.jsView file
1'use strict'; L2:
Low
Weak Crypto

Package source references weak cryptographic algorithms.

lib/bot-reviewer/index.jsView on unpkg · L1
hooks/pi/jonggrang-extension.tsView file
17const fs = require("fs") as typeof import("fs"); L18: const { execSync, execFileSync } = require("child_process") as typeof import("child_process"); L19: ... L36: /\bcredentials\b/i, /\.pfx$/i, /\.p12$/i, /\.crt$/i, /\.cer$/i, L37: /\.pkcs12$/i, /\.jks$/i, /\.keystore$/i, /(^|\/)\.ssh\//i, /authorized_keys/i, L38: ]; ... L65: .filter(Boolean); L66: const READERS = "(?:cat|head|tail|less|more|xxd|od|hexdump|strings|awk|sed|cp|mv|tar|zip|base64|openssl|grep|rg|fgrep|egrep|nl|tac|view|vim|vi|nano|emacs|code|subl)"; L67: const SECRETPATH = "(credentials|\\.pem(\\s|$)|\\.key(\\s|$)|id_rsa|id_ed25519|id_ecdsa|id_ed25519_sk|id_ecdsa_sk|id_dsa|identity|ssh_host_.*_key|\\.ssh/|\\.aws/credentials|authori... ... L85: .replace(/(aws_access_key_id\s*=\s*)\S+/gi, "$1<REDACTED>") L86: .replace(/-----BEGIN [A-Z ]*(PRIVATE|CERTIFICATE|EC|OPENSSH) KEY-----/g, "-----BEGIN <REDACTED>-----") L87: .replace(/(eyJ[A-Za-z0-9_-]{4,}\.[A-Za-z0-9_-]+\.)[A-Za-z0-9_-]+/g, "$1<REDACTED>")
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

hooks/pi/jonggrang-extension.tsView on unpkg · L17
bin/jonggrang.jsView file
matchType = previous_version_dangerous_delta matchedPackage = jonggrang@0.14.4 matchedIdentity = npm:am9uZ2dyYW5n:0.14.4 similarity = 0.913 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

bin/jonggrang.jsView on unpkg
9Detached bundled service listener: bin/jonggrang.js spawns server.js; helper exposes a broad-bound HTTP listener. L9: const path = require('path'); L10: const { spawn, spawnSync, execSync } = require('child_process'); L11: const readline = require('readline'); ... L24: function resolveJonggrangHome() { L25: if (process.env.JONGGRANG_HOME) return process.env.JONGGRANG_HOME; L26: L27: const candidates = [ L28: path.resolve(__dirname, '..'), L29: path.resolve(__dirname, '..', '..'), ... L55: L56: const JONGGRANG_VERSION = require('../package.json').version; L57:
High
Spawned Bundled Service Listener

Source launches a detached bundled service that exposes a broad-bound HTTP listener.

bin/jonggrang.jsView on unpkg · L9
2807try { L2808: execSync('npm install --production', { cwd: WEB_DIR, stdio: 'inherit' }); L2809: } catch {
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

bin/jonggrang.jsView on unpkg · L2807
hooks/claude/secret-final-check.shView file
path = hooks/claude/secret-final-check.sh kind = build_helper sizeBytes = 1567 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

hooks/claude/secret-final-check.shView on unpkg
client/dist/assets/primeicons-C6QP2o4f.woff2View file
path = client/dist/assets/primeicons-C6QP2o4f.woff2 kind = high_entropy_blob sizeBytes = 35148 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

client/dist/assets/primeicons-C6QP2o4f.woff2View on unpkg
skills/library/testing/unit-testing-patterns/SKILL.mdView file
17patternName = generic_password severity = medium line = 17 matchedText = const dt...' };
Medium
Secret Pattern

Hardcoded password in skills/library/testing/unit-testing-patterns/SKILL.md

skills/library/testing/unit-testing-patterns/SKILL.mdView on unpkg · L17
client/dist/assets/ProjectSettingsView-C0Hs5bFS.jsView file
1patternName = private_key_openssh severity = critical line = 1 matchedText = import{A...----
Critical
Secret Pattern

OpenSSH private key in client/dist/assets/ProjectSettingsView-C0Hs5bFS.js

client/dist/assets/ProjectSettingsView-C0Hs5bFS.jsView on unpkg · L1

Findings

4 Critical5 High7 Medium6 Low
CriticalCritical Secretclient/dist/assets/SettingsView-B1MTq8v-.js
CriticalPrevious Version Dangerous Deltabin/jonggrang.js
CriticalSecret Patternclient/dist/assets/SettingsView-B1MTq8v-.js
CriticalSecret Patternclient/dist/assets/ProjectSettingsView-C0Hs5bFS.js
HighChild Processapis/projects/orchestration-run.js
HighShelllib/jonggrang.js
HighSpawned Bundled Service Listenerbin/jonggrang.js
HighRuntime Package Installbin/jonggrang.js
HighShips High Entropy Blobclient/dist/assets/primeicons-C6QP2o4f.woff2
MediumDynamic Requireapis/secrets/index.js
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencehooks/pi/jonggrang-extension.ts
MediumShips Build Helperhooks/claude/secret-final-check.sh
MediumStructural Risk Force Deep Review
MediumSecret Patternskills/library/testing/unit-testing-patterns/SKILL.md
LowScripts Present
LowWeak Cryptolib/bot-reviewer/index.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings