registry  /  mates-ssr  /  0.1.0

mates-ssr@0.1.0

Server-side HTML rendering for mates-fullstack apps

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
A consumer explicitly imports and invokes `dist/ssr.js`/`renderPage`, or otherwise calls the Obscura rendering path.
Impact
Can cause the server running the consumer application to request loopback or private-network resources through `node-obscura`.
Mechanism
Private-network SSRF-filter bypass through a browser-scraping dependency.
Rationale
Source inspection found no malicious lifecycle, persistence, credential theft, or exfiltration. However, shipped code contains an intentional private-network SSRF bypass, creating a concrete dangerous capability despite being outside the public entrypoint.
Evidence
package.jsondist/index.jsdist/use-ssr.jsdist/ssr.jsdist/obscura-session.jsdist/url-utils.jsdist/ssr-module-loader.js
Network endpoints1
127.0.0.1.nip.io

Decision evidence

public snapshot
AI called this Suspicious at 91.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/ssr.js` configures `node-obscura` with private-network access enabled by default.
  • `dist/url-utils.js` rewrites loopback hosts to `127.0.0.1.nip.io` to bypass the scraper's loopback filter.
  • `dist/obscura-session.js` dynamically loads `node-obscura` and requests URLs supplied to SSR rendering.
Evidence against
  • `package.json` has no preinstall, install, or postinstall lifecycle hook.
  • Public entrypoint `dist/index.js` exports the separate native SSR implementation in `dist/use-ssr.js`.
  • No credential harvesting, shell execution, external exfiltration endpoint, or AI-agent configuration mutation was found.
  • `dist/ssr-module-loader.js` writes only a project-local SSR bundle under `dist/.ssr` when explicitly invoked.
Behavioral surface
Source
CryptoDynamicRequireEnvironmentVarsFilesystem
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 18 file(s), 54.5 KB of source, external domains: ssr.local

Source & flagged code

1 flagged · loading source
dist/renderer.jsView file
15installSsrGlobals({ url: "http://ssr.local/" }); L16: _mates = await import("mates"); L17: return _mates;
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/renderer.jsView on unpkg · L15

Findings

2 Medium5 Low
MediumDynamic Requiredist/renderer.js
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License