AI Security Review
scanned 21h ago · by lpm-firewall-ai
The package is a thin npm launcher that installs, or lazily fetches on first run, a native JustCode binary from GitHub Releases. The reviewed JavaScript shows no malware, but the executable payload is fetched remotely and is not verified against any checksum or signature shipped in the package.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install postinstall or first justcode CLI run
Impact
Unverified remote executable becomes the real CLI payload; malicious release replacement would execute with user privileges when launched.
Mechanism
download, chmod and spawn release binary
Attack narrative
On install, postinstall calls ensureBinary unless skipped via JUSTCODE_SKIP_DOWNLOAD, deriving a GitHub Releases URL from package.json and downloading the platform asset into dist-bin before chmodding it executable. The bin entry repeats this download on first run if the binary is missing, then spawns it with the user's arguments. The shipped JS matches the package's stated purpose, but the package delegates its real behavior to a remote executable that is neither verified at download time nor available for static inspection.
Rationale
Source inspection found a binary downloader/launcher consistent with the package's purpose and no confirmed malicious JS behavior, but delivery of an unverified remote executable leaves real unresolved risk. This warrants a warning rather than a publish block because no unconsented mutation of foreign agent control surfaces, exfiltration, persistence, or destructive behavior was found in the inspected package files.
Evidence
- package.json
- scripts/postinstall.mjs
- scripts/lib/download-binary.mjs
- scripts/lib/platform.mjs
- bin/justcode.mjs
- dist-bin/justcode-<platform>
- dist-bin/justcode-<platform>.download
Network endpoints (1)
- github.com/kingeke/justcode/releases/download/v0.1.12/justcode-<platform>
Decision evidence
public snapshot
AI called this Suspicious at 78.0% confidence (category: Dangerous Capability) with medium false-positive risk.
Evidence for warning
- package.json defines postinstall running scripts/postinstall.mjs
- scripts/lib/download-binary.mjs downloads a platform executable from GitHub Releases and chmods it 0755
- bin/justcode.mjs lazily downloads the same binary and spawns it with user args
- No checksum/signature verification is present for the downloaded executable
Evidence against
- No credential harvesting, destructive file access, or exfiltration found in shipped JS
- Network download is package-aligned to repository metadata kingeke/justcode
- JUSTCODE_SKIP_DOWNLOAD can disable postinstall download
- No writes to foreign AI-agent control surfaces such as Claude/Codex/Cursor configs found
Behavioral surface
- ChildProcess
- EnvironmentVars
- Filesystem
- Network
- Shell
- UrlStrings
Source & flagged code
2 flagged in package.json
- scripts.postinstall = node scripts/postinstall.mjs
  High · Install Time Lifecycle Scripts: Package defines install-time lifecycle scripts.
- scripts.postinstall = node scripts/postinstall.mjs
  Medium · Ambiguous Install Lifecycle Script: Install-time lifecycle script is not statically allowlisted and needs review.
Findings
1 High · 3 Medium · 4 Low
- High: Install Time Lifecycle Scripts (package.json)
- Medium: Ambiguous Install Lifecycle Script (package.json)
- Medium: Network
- Medium: Environment Vars
- Low: Non Install Lifecycle Scripts
- Low: Scripts Present
- Low: Filesystem
- Low: Url Strings