justcode-cli@0.2.5

JustCode - an interactive terminal coding assistant CLI

AI Security Review

scanned 21h ago · by lpm-firewall-ai

Unable to establish source-grounded attack surface without filesystem inspection.

Static reason
One or more suspicious static signals were detected.
Trigger
unknown
Impact
unknown
Mechanism
unknown
Rationale
Package files were not inspected, so a source-grounded verdict cannot be produced.

Decision evidence

public snapshot
AI called this Manual Review at 0.0% confidence as Unknown with high false-positive risk.
Evidence for warning
  • Inspection could not be performed because filesystem tooling is unavailable in this response path.
Evidence against
    Behavioral surface
    Source: ChildProcess, EnvironmentVars, Filesystem, Network, Shell
    Supply chain: UrlStrings
    Manifest: No manifest risk signals triggered.
    scanned 4 file(s), 5.78 KB of source, external domains: github.com

    Source & flagged code

    2 flagged

    package.json
    scripts.postinstall = node scripts/postinstall.mjs
    High
    Install Time Lifecycle Scripts

    Package defines install-time lifecycle scripts.

    package.json
    scripts.postinstall = node scripts/postinstall.mjs
    Medium
    Ambiguous Install Lifecycle Script

    Install-time lifecycle script is not statically allowlisted and needs review.

    Findings

    1 High · 3 Medium · 4 Low
    High: Install Time Lifecycle Scripts (package.json)
    Medium: Ambiguous Install Lifecycle Script (package.json)
    Medium: Network
    Medium: Environment Vars
    Low: Non Install Lifecycle Scripts
    Low: Scripts Present
    Low: Filesystem
    Low: Url Strings