AI Security Review
scanned 1d ago · by lpm-firewall-ai
The npm package is primarily a launcher/downloader for a platform-specific executable. Static source does not show malware, but install-time and first-run retrieval of an unsigned binary leaves behavior outside the inspected package.
Static reason
One or more suspicious static signals were detected.
Trigger
npm postinstall or running the justcode bin
Impact
Executes externally hosted package-aligned binary whose contents are not inspectable in this source package
Mechanism
download, chmod and spawn release binary
Attack narrative
On install, postinstall downloads a platform binary from the package's GitHub Releases into dist-bin, marks it executable, and the bin launcher later spawns it. The source package does not itself exfiltrate data or mutate agent control surfaces, but the executed payload is an external binary not included for static inspection or verified by hash/signature.
Rationale
Source inspection found package-aligned binary download and launch behavior, not concrete malicious logic. Because the actual executable is fetched at install/runtime without verification and is outside the reviewed source, this should be warned as a staged payload carrier rather than blocked as proven malware.
Evidence
- package.json
- scripts/postinstall.mjs
- scripts/lib/download-binary.mjs
- scripts/lib/platform.mjs
- bin/justcode.mjs
- dist-bin/justcode-<os>-<arch>
- dist-bin/justcode-<os>-<arch>.download
Network endpoints (1)
github.com/kingeke/justcode/releases/download/${tag}/${assetName()}
Decision evidence
public snapshot
AI called this Suspicious at 82.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- package.json defines postinstall: node scripts/postinstall.mjs
- scripts/postinstall.mjs calls ensureBinary during install unless the package is a source checkout or JUSTCODE_SKIP_DOWNLOAD is set
- scripts/lib/download-binary.mjs downloads a platform executable from GitHub Releases and chmods it 0755
- bin/justcode.mjs lazily downloads the same binary on first run and spawns it with inherited stdio
- No checksum, signature, or bundled source for the downloaded executable is present
Evidence against
- Download URL is derived from package repository github.com/kingeke/justcode and package version
- Install hook writes only under package dist-bin, not home/project agent control surfaces
- No source evidence of credential harvesting, persistence, destructive actions, or foreign AI-agent config mutation
- Environment variables are limited to JUSTCODE_SKIP_DOWNLOAD and JUSTCODE_VERSION controls
Behavioral surface
Child Process · Environment Vars · Filesystem · Network · Shell · Url Strings
Source & flagged code
2 flagged
package.json
- scripts.postinstall = node scripts/postinstall.mjs
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.json
- scripts.postinstall = node scripts/postinstall.mjs
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.json
Findings
1 High · 3 Medium · 3 Low
- High: Install Time Lifecycle Scripts (package.json)
- Medium: Ambiguous Install Lifecycle Script (package.json)
- Medium: Network
- Medium: Environment Vars
- Low: Scripts Present
- Low: Filesystem
- Low: Url Strings