AI Security Review
scanned 21h ago · by lpm-firewall-ai
The package is a staged executable carrier: install or first CLI run fetches and executes a platform binary not present in the npm tarball. Source inspection did not find exfiltration, persistence, or AI-agent hijack behavior in the JavaScript wrapper itself.
Static reason
One or more suspicious static signals were detected.
Trigger
npm postinstall or running the justcode CLI
Impact
Unverified release binary executes with user privileges; behavior cannot be fully validated from npm source alone.
Mechanism
download, chmod, and spawn platform binary
Attack narrative
On install, postinstall calls ensureBinary unless skipped, deriving a GitHub release asset URL from package.json and downloading a platform executable into dist-bin. If install scripts are disabled, the bin launcher retries the same download on first run, then spawns the executable. The shipped JavaScript does not show theft, persistence, or control-surface mutation, but the executable payload is external to the npm source and lacks checksum verification.
Rationale
This is not confirmed malware from source inspection, but lifecycle/first-run download and execution of an unverified binary leaves unresolved staged-payload risk. Because the endpoint is package-aligned and no concrete malicious behavior was found in source, warn rather than block.
Evidence
- package.json
- scripts/postinstall.mjs
- scripts/lib/download-binary.mjs
- scripts/lib/platform.mjs
- bin/justcode.mjs
- dist-bin/justcode-darwin-arm64
- dist-bin/justcode-darwin-x64
- dist-bin/justcode-linux-arm64
- dist-bin/justcode-linux-x64
- dist-bin/justcode-windows-x64.exe
Network endpoints (1)
github.com/kingeke/justcode/releases/download/${tag}/${assetName()}
Decision evidence
public snapshot: AI called this Suspicious at 82.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- package.json defines postinstall: node scripts/postinstall.mjs
- scripts/lib/download-binary.mjs downloads a platform executable from GitHub Releases during install or first run
- downloaded binary is chmod 755 and stored under dist-bin without checksum/signature verification
- bin/justcode.mjs spawns the downloaded executable with inherited stdio
Evidence against
- No credential, env, or filesystem harvesting found in shipped source
- No foreign AI-agent control-surface writes such as MCP, Claude, Codex, or Cursor configs found
- Writes are limited to package-local dist-bin download path
- Network endpoint is package-aligned GitHub Releases for the declared repository
Behavioral surface
- Child Process
- Environment Vars
- Filesystem
- Network
- Shell
- Url Strings
Source & flagged code
2 flagged
package.json · scripts.postinstall = node scripts/postinstall.mjs
- High: Install Time Lifecycle Scripts. Package defines install-time lifecycle scripts.
package.json · scripts.postinstall = node scripts/postinstall.mjs
- Medium: Ambiguous Install Lifecycle Script. Install-time lifecycle script is not statically allowlisted and needs review.
Findings
1 High · 3 Medium · 4 Low
- High: Install Time Lifecycle Scripts (package.json)
- Medium: Ambiguous Install Lifecycle Script (package.json)
- Medium: Network
- Medium: Environment Vars
- Low: Non Install Lifecycle Scripts
- Low: Scripts Present
- Low: Filesystem
- Low: Url Strings