AI Security Review
scanned 21h ago · by lpm-firewall-ai

The package is a thin npm launcher that obtains and executes a GitHub release binary. This creates unresolved install/runtime risk because the executable payload is remote and not integrity-pinned in the inspected source, but no concrete malicious JS behavior is present.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install postinstall or first justcode CLI run
Impact
Remote release binary can run as the user when the CLI is launched; source JS does not show data theft or persistence.
Mechanism
remote platform binary download and execution
Attack narrative
On install, postinstall calls ensureBinary, which constructs a GitHub Releases URL from package.json and the current platform, downloads the release asset into dist-bin, chmods it executable, and renames it into place. If skipped, bin/justcode.mjs repeats that download on first run before spawning the binary.
Rationale
Static source inspection finds a package-aligned remote binary installer/launcher with no checksum pinning, which is real unresolved risk but not proof of malicious behavior. No credential exfiltration, persistence payload, destructive action, or unconsented AI-agent control-surface mutation was found in the shipped source.
Evidence
- package.json
- scripts/postinstall.mjs
- scripts/lib/download-binary.mjs
- scripts/lib/platform.mjs
- bin/justcode.mjs
- README.md
- dist-bin/justcode-<os>-<arch>
- dist-bin/justcode-<os>-<arch>.download
- .git/config
Network endpoints (1)
- github.com/kingeke/justcode/releases/download/v0.1.8/justcode-<os>-<arch>
Decision evidence
public snapshot: AI called this Suspicious at 78.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- package.json defines postinstall and prepare lifecycle hooks
- scripts/postinstall.mjs downloads a platform executable during install unless the install is a source checkout or JUSTCODE_SKIP_DOWNLOAD is set
- scripts/lib/download-binary.mjs fetches the GitHub release asset and chmods it executable without checksum verification
- bin/justcode.mjs lazily downloads the missing binary, then spawns it with the CLI arguments
Evidence against
- Download URL is derived from package repository/version and platform asset name, aligned with a self-contained CLI distribution
- No credential harvesting, env dumping, destructive file operations, or exfiltration logic found in shipped JS
- No AI-agent control-surface writes or foreign MCP/Claude/Codex/Cursor mutations found
- prepare only runs git config core.hooksPath .githooks and no hook files are shipped in package files
Behavioral surface
ChildProcess · EnvironmentVars · Filesystem · Network · Shell · UrlStrings
Source & flagged code
2 flagged · package.json
• scripts.postinstall = node scripts/postinstall.mjs
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.json • scripts.postinstall = node scripts/postinstall.mjs
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.json
Findings
1 High · 3 Medium · 4 Low
- High: Install Time Lifecycle Scripts (package.json)
- Medium: Ambiguous Install Lifecycle Script (package.json)
- Medium: Network
- Medium: Environment Vars
- Low: Non Install Lifecycle Scripts
- Low: Scripts Present
- Low: Filesystem
- Low: Url Strings