
juggernaut-bedrock@5.3.0

Route Claude Code through Amazon Bedrock in one command — IAM, SSO, or API key. Cross-platform CLI for GenAI developers.

AI Security Review

scanned 3h ago · by lpm-firewall-ai

No confirmed malicious attack surface in the inspected wrapper package. The runtime behavior is a user-invoked launcher for allowlisted platform packages, with no install-time execution.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs the `juggernaut` CLI.
Impact
Executes the package-selected native CLI with inherited environment; no source-confirmed exfiltration or persistence in this package.
Mechanism
allowlisted platform binary launcher
Rationale
The suspicious primitives are package-aligned launcher behavior: the package has no lifecycle hooks, no source-level network code, and no install-time mutation of Claude/Codex/Cursor/MCP control surfaces. Documented Claude configuration appears user-invoked via the delegated CLI, not delivered automatically by this npm wrapper.
Evidence
package.json, index.js, README.md

Decision evidence

Public snapshot: AI called this Clean at 88.0% confidence, classified Benign with low false-positive risk.
Evidence for block
  • README documents that the user-invoked `juggernaut apply` can write Claude settings and shell activation, but this package's source does not implement install-time (lifecycle) delivery of those writes.
Evidence against
  • package.json has no preinstall/install/postinstall hooks and only exposes the bin `juggernaut` -> `./index.js`.
  • index.js executes only under `require.main === module`; importing it exports helper functions only.
  • index.js allowlists the optional platform package names and validates that the binary's realpath stays under the package directory before spawning it.
  • child_process.spawnSync runs a package-owned platform binary with `shell:false` and forwards sanitized CLI args.
  • No source writes files, harvests credentials, registers MCP/agent surfaces at install time, or performs network calls.
  • The scanner's runtime-install hint comes from an error-message string suggesting `npm install -g`; no package manager command is executed.
Behavioral surface
Source: Child Process, Environment Vars, Filesystem
Supply chain: Url Strings
Manifest: No manifest risk signals triggered.
scanned 1 file(s), 6.67 KB of source, external domains: github.com

Source & flagged code

2 flagged
index.js
  L4: var path = require("path");
  L5: var childProcess = require("node:child_process");
  L6: var fs = require("fs");
High
Child Process

Package source references child process execution.

index.js · L4 (source on unpkg)
index.js#virtual:normalized:round1
  L153: process.stderr.write(
  L154:   "juggernaut-bedrock is in a broken or partially-updated state (launcher v" + rootVersion + ", binary v" + binVersion + ").\nThis usually happens when the package was updated while ...
  L155: );
  ...
  L158: var args = safeForwardArgs(process.argv.slice(2));
  L159: var result = child_process.spawnSync(bin, args, {
  L160:   stdio: "inherit",
High
Runtime Package Install

Package source contains a package manager install command at runtime. As the decision evidence above notes, the `npm install -g` text here is part of an error message shown to the user when the launcher and binary versions disagree; the source does not execute it.

index.js#virtual:normalized:round1 · L153 (source on unpkg)

Findings

2 High · 1 Medium · 3 Low
High · Child Process · index.js
High · Runtime Package Install · index.js#virtual:normalized:round1
Medium · Environment Vars
Low · Scripts Present
Low · Filesystem
Low · Url Strings