AI Security Review
scanned 21h ago · by lpm-firewall-ai

The package is a thin npm launcher that retrieves an opaque platform executable from GitHub Releases at install time or first run. No direct malicious JS behavior was found, but the executable payload is outside the inspected package source.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install postinstall or running the justcode bin
Impact
User runs an uninspected coding-agent binary capable of command and file operations by product design
Mechanism
download-and-execute external platform binary
Attack narrative
On install, postinstall calls ensureBinary, which builds a GitHub Releases URL from package metadata, downloads a platform-specific JustCode executable to dist-bin, chmods it executable, and renames it into place. If install scripts are skipped, the bin launcher repeats the download on first run and then spawns the binary. The inspected JS does not exfiltrate data or mutate foreign agent surfaces, but the real CLI behavior is in an external binary not present for source review.
Rationale
Source inspection shows no concrete malware, but lifecycle retrieval of an executable payload without in-package verification leaves unresolved supply-chain risk. Because the behavior is package-aligned for a self-contained CLI and not a foreign agent hijack, warn rather than block.
Evidence
- package.json
- scripts/postinstall.mjs
- scripts/lib/download-binary.mjs
- scripts/lib/platform.mjs
- bin/justcode.mjs
- README.md
- dist-bin/justcode-<os>-<arch>
- dist-bin/justcode-<os>-<arch>.download
Network endpoints (1)
github.com/kingeke/justcode/releases/download/v0.3.0/justcode-<os>-<arch>
Decision evidence
public snapshot

AI called this Suspicious at 82.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- package.json defines postinstall: node scripts/postinstall.mjs
- scripts/postinstall.mjs downloads a platform binary during install unless running from a source checkout or JUSTCODE_SKIP_DOWNLOAD is set
- scripts/lib/download-binary.mjs fetches GitHub release asset and writes dist-bin/<asset> with executable mode
- bin/justcode.mjs lazily downloads the same binary if missing and spawns it with user args
- Downloaded executable has no package-local checksum or signature verification
Evidence against
- Network URL is derived from package.json repository github.com/kingeke/justcode and package version
- No credential harvesting, env sweeping, persistence, destructive behavior, or AI-agent control-surface writes found in packaged JS
- prepare hook only sets git core.hooksPath and is not part of published install lifecycle execution
- Postinstall failure is nonfatal and JUSTCODE_SKIP_DOWNLOAD opt-out exists
Behavioral surface
- Child Process
- Environment Vars
- Filesystem
- Network
- Shell
- Url Strings
Source & flagged code
2 flagged · package.json
• scripts.postinstall = node scripts/postinstall.mjs
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.json
• scripts.postinstall = node scripts/postinstall.mjs
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.json
Findings
1 High · 3 Medium · 4 Low
- High: Install Time Lifecycle Scripts (package.json)
- Medium: Ambiguous Install Lifecycle Script (package.json)
- Medium: Network
- Medium: Environment Vars
- Low: Non Install Lifecycle Scripts
- Low: Scripts Present
- Low: Filesystem
- Low: Url Strings