AI Security Review
scanned 21h ago · by lpm-firewall-ai
The package installs and launches an opaque platform binary downloaded from the project's GitHub Releases. This is a real install/runtime executable payload risk, but the inspected JavaScript wrapper is package-aligned and shows no concrete malicious behavior.
Static reason
One or more suspicious static signals were detected.
Trigger
npm postinstall or first justcode CLI run
Impact
executes downloaded native/Bun-compiled CLI binary with user arguments
Mechanism
download and spawn package release binary
Attack narrative
On install, postinstall downloads a platform-specific JustCode executable from the package repository's GitHub release and places it in dist-bin; if skipped, the bin launcher repeats the download on first run and spawns it. The reviewed source does not show exfiltration, persistence, or AI-agent control hijacking, but the fetched binary itself is opaque in this package.
Rationale
Source inspection confirms an install-time/lazy remote binary downloader, which warrants warning as a staged executable payload carrier, but the endpoint and behavior are package-aligned and no concrete malicious actions are present in the shipped source.
Evidence
- package.json
- scripts/postinstall.mjs
- scripts/lib/download-binary.mjs
- scripts/lib/platform.mjs
- bin/justcode.mjs
- README.md
- dist-bin/justcode-<os>-<arch>
- dist-bin/justcode-<os>-<arch>.download
Network endpoints (1)
github.com/kingeke/justcode/releases/download/v0.1.7/justcode-<os>-<arch>
Decision evidence
public snapshot · AI called this Suspicious at 82.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- package.json defines postinstall: node scripts/postinstall.mjs.
- scripts/postinstall.mjs calls ensureBinary unless source checkout or JUSTCODE_SKIP_DOWNLOAD is set.
- scripts/lib/download-binary.mjs fetches a GitHub release executable and writes it under dist-bin with executable permissions.
- bin/justcode.mjs lazily downloads the same binary on first run if missing, then spawns it with user args.
Evidence against
- Download URL is package-aligned, derived from package.json repository github.com/kingeke/justcode and version tag.
- No source evidence of credential harvesting, env/file enumeration for exfiltration, destructive behavior, persistence, or agent control-surface writes.
- Lifecycle writes only inside the package directory dist-bin path, not home/project AI-agent configs or shell/VCS hooks for consumers.
- prepare sets git hooksPath but appears developer/source-oriented and no .githooks payload is present in the published files.
Behavioral surface
Child Process, Environment Vars, Filesystem, Network, Shell, Url Strings
Source & flagged code
2 flagged · package.json
- scripts.postinstall = node scripts/postinstall.mjs
  High: Install Time Lifecycle Scripts
  Package defines install-time lifecycle scripts. (package.json)
- scripts.postinstall = node scripts/postinstall.mjs
  Medium: Ambiguous Install Lifecycle Script
  Install-time lifecycle script is not statically allowlisted and needs review. (package.json)
Findings
1 High · 3 Medium · 4 Low
- High: Install Time Lifecycle Scripts (package.json)
- Medium: Ambiguous Install Lifecycle Script (package.json)
- Medium: Network
- Medium: Environment Vars
- Low: Non Install Lifecycle Scripts
- Low: Scripts Present
- Low: Filesystem
- Low: Url Strings