registry  /  margins-cli  /  0.13.0

margins-cli@0.13.0

CLI for Margins — sync and review Markdown in Git

AI Security Review

scanned 6d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is a Margins CLI that syncs markdown/images to a configured Margins workspace and can optionally install a git hook or GitHub workflow through explicit commands.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs margins CLI commands such as workspace push, install, login, open, or install-hook.
Impact
Markdown/image files may be uploaded to the configured Margins server when the user invokes sync/push; optional git hooks/workflows are explicitly requested.
Mechanism
User-invoked project sync and repository onboarding
Rationale
Static inspection found only package-aligned, user-invoked CLI behavior; scanner signals map to bundled dependencies and legitimate sync/onboarding commands. There is no lifecycle-triggered mutation, exfiltration, AI-agent hijack, or hidden execution path.
Evidence
package.jsonbin/margins.jsdist/index.mjsdist/api-client-Bm-1E7Rd.mjsdist/push-DXzhGFdh.mjsdist/collect-sync-files-BZpXOHa2.mjsdist/install-hook-C0O_3wPy.mjsdist/install-C10Eri43.mjsdist/margins-sync-kAOFCBrI.mjsdist/open-Cc9SU1qE.mjs.margins.json.marginsignore.git/hooks/pre-push.git/hooks/post-commit.github/workflows/margins-sync.yml
Network endpoints2
margins.thealvistar.comgithub.com/alvistar/margins-sync-action#readme

Decision evidence

public snapshot
AI called this Clean at 94.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no install/postinstall hook; prepublishOnly only runs npm test for publishing.
    • bin/margins.js only imports dist/index.mjs CLI entrypoint.
    • Network calls use configured Margins server default https://margins.thealvistar.com and user auth for CLI features.
    • child_process use is user-invoked: git branch detection, gh CLI for install/audit, and open package browser launch.
    • install-hook writes .git/hooks/pre-push or post-commit only when explicit margins install-hook is run.
    • No AI-agent control-surface writes, credential harvesting, remote code execution, or import-time behavior found.
    Behavioral surface
    Source
    ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNetworkShell
    Supply chain
    HighEntropyStringsUrlStrings
    Manifest
    NoLicense
    scanned 42 file(s), 700 KB of source, external domains: 127.0.0.1, auth.example.com, datatracker.ietf.org, github.com, json-schema.org, margins.thealvistar.com, raw.githubusercontent.com

    Source & flagged code

    6 flagged · loading source
    dist/open-Cc9SU1qE.mjsView file
    1#!/usr/bin/env node L2: import childProcess, { execFile } from "node:child_process"; L3: import path from "node:path";
    High
    Child Process

    Package source references child process execution.

    dist/open-Cc9SU1qE.mjsView on unpkg · L1
    87})(); L88: const powerShellPathFromWsl = async () => { L89: return `${await wslDrivesMountPoint()}[redacted].0/powershell.exe`;
    High
    Shell

    Package source references shell execution.

    dist/open-Cc9SU1qE.mjsView on unpkg · L87
    dist/config-HnkTjvGH.mjsView file
    3065ref: validation_error_1.default, L3066: code: (0, codegen_1._)`require("ajv/dist/runtime/validation_error").default` L3067: });
    Medium
    Dynamic Require

    Package source references dynamic require/import behavior.

    dist/config-HnkTjvGH.mjsView on unpkg · L3065
    3104if (this.opts.code.process) sourceCode = this.opts.code.process(sourceCode, sch); L3105: const validate = new Function(`${names_1.default.self}`, `${names_1.default.scope}`, sourceCode)(this, this.scope.get()); L3106: this.scope.value(validateName, { ref: validate });
    Low
    Eval

    Package source references a known benign dynamic code generation pattern.

    dist/config-HnkTjvGH.mjsView on unpkg · L3104
    dist/index.mjsView file
    14Cross-file remote execution chain: dist/index.mjs spawns dist/config-HnkTjvGH.mjs; helper contains network access plus dynamic code execution. L14: * Constructs the CommanderError class L15: * @param {number} exitCode suggested exit code which could be used with process.exit L16: * @param {string} code an id string representing the error ... L161: * @return {string} L162: * @private L163: */ ... L177: * TypeScript import types for JSDoc, used by Visual Studio Code IntelliSense and `npm run typescript-checkJS` L178: * https://www.typescriptlang.org/docs/handbook/jsdoc-supported-types.html#import-types L179: * @typedef { import("./argument.js").Argument } Argument ... L1026: const EventEmitter = __require("node:events").EventEmitter; L1027: const childProcess = __require("node:child_process"); L1028: const path = __require("node:path");
    High
    Cross File Remote Execution Context

    Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

    dist/index.mjsView on unpkg · L14
    dist/margins-sync-kAOFCBrI.mjsView file
    matchType = previous_version_dangerous_delta matchedPackage = margins-cli@0.12.0 matchedIdentity = npm:bWFyZ2lucy1jbGk:0.12.0 similarity = 0.952 summary = stored previous version shares package body but lacks this dangerous source file
    Critical
    Previous Version Dangerous Delta

    This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

    dist/margins-sync-kAOFCBrI.mjsView on unpkg

    Findings

    1 Critical3 High4 Medium7 Low
    CriticalPrevious Version Dangerous Deltadist/margins-sync-kAOFCBrI.mjs
    HighChild Processdist/open-Cc9SU1qE.mjs
    HighShelldist/open-Cc9SU1qE.mjs
    HighCross File Remote Execution Contextdist/index.mjs
    MediumDynamic Requiredist/config-HnkTjvGH.mjs
    MediumNetwork
    MediumEnvironment Vars
    MediumStructural Risk Force Deep Review
    LowNon Install Lifecycle Scripts
    LowScripts Present
    LowEvaldist/config-HnkTjvGH.mjs
    LowFilesystem
    LowHigh Entropy Strings
    LowUrl Strings
    LowNo License