registry  /  neondiff  /  0.4.30-beta.1

neondiff@0.4.30-beta.1

AI Security Review

scanned 4d ago · by lpm-firewall-ai

No confirmed malicious attack surface was found. Risky primitives are tied to explicit CLI operations for PR review, provider checks, license activation, ZCode execution, and launchd daemon control, not install-time execution.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs neondiff CLI commands such as init, doctor, review-pr, license activate, providers doctor --smoke, or daemon start.
Impact
Expected package behavior may read configured secrets and contact configured GitHub/license/provider endpoints; no evidence of stealth exfiltration, persistence, or unconsented install mutation.
Mechanism
User-invoked local PR-review automation with guarded config writes, network API calls, and optional daemon controls.
Rationale
Static inspection shows a CLI package with no npm lifecycle execution; the scanner-highlighted launchd, environment, metadata-host, and network code is guarded by explicit commands and validation. The package handles configured credentials for its stated AI PR reviewer purpose and redacts outputs, with no source evidence of malicious exfiltration, remote payload execution, or unconsented persistence.
Evidence
package.jsondist/src/cli.jsdist/src/config.jsdist/src/providers.jsdist/src/github.jsdist/src/license.jsdist/src/zcode.jsdocs/SETUP.mdconfig.local.jsonlicense/license-key.txtlicense/entitlement-cache.json.zcode/config.jsonrepo-memory-packet.jsonrepo-memory-packet.mdgitnexus-context-packet.mdgithub-related-context-packet.mdskill-pack-context-packet.mdenrichment-comment.jsonenrichment.mdzcode-review-policy.json
Network endpoints5
api.github.comwww.neondiff.comlocalhost:8000/v1localhost:11434/v1example.invalid/v1

Decision evidence

public snapshot
AI called this Clean at 91.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json defines bin dist/src/cli.js and scripts only; no preinstall/install/postinstall lifecycle hooks.
    • dist/src/cli.js requires explicit commands; init writes a chosen JSON config path and daemon start/stop defaults to dry-run.
    • dist/src/cli.js live launchctl mutation requires --dry-run false and --confirm true; external plist also requires --allow-external-plist true.
    • dist/src/config.js and dist/src/providers.js reject private/link-local/cloud metadata provider hosts rather than fetching them.
    • dist/src/github.js uses configured GitHub API base URL with root-relative paths and bearer auth for PR review functionality.
    • dist/src/zcode.js temporarily writes .zcode/config.json to restrict tools, then restores/removes it after the invoked user review command.
    Behavioral surface
    Source
    ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
    Supply chain
    HighEntropyStringsUrlStrings
    Manifest
    NoLicense
    scanned 57 file(s), 1.14 MB of source, external domains: api.github.com, example.invalid, github.com, neondiff.local

    Source & flagged code

    4 flagged · loading source
    dist/src/providers.jsView file
    372patternName = generic_password severity = medium line = 372 matchedText = url.pass...t]";
    Medium
    Secret Pattern

    Package contains a possible secret pattern.

    dist/src/providers.jsView on unpkg · L372
    dist/src/cli.jsView file
    matchType = previous_version_dangerous_delta matchedPackage = neondiff@0.4.24-beta.1 matchedIdentity = npm:bmVvbmRpZmY:0.4.24-beta.1 similarity = 0.549 summary = stored previous version shares package body but lacks this dangerous source file
    High
    Previous Version Dangerous Delta

    This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

    dist/src/cli.jsView on unpkg
    1#!/usr/bin/env node L2: import { spawnSync } from "node:child_process"; L3: import { fileURLToPath } from "node:url"; ... L37: import { parsePositiveInteger } from "./cli-args.js"; L38: const LAUNCHCTL_TIMEOUT_MS = 15_000; L39: const PLUTIL_TIMEOUT_MS = 5_000; ... L54: if (!result.ok) L55: process.exitCode = 1; L56: return; ... L246: const status = collectReleaseStatus({ L247: cwd: process.cwd(), L248: configPath: args.config,
    Medium
    Install Persistence

    Source writes installer persistence such as shell profile or service configuration.

    dist/src/cli.jsView on unpkg · L1
    dist/src/config.jsView file
    1import { existsSync, readFileSync } from "node:fs"; L2: import { isIP } from "node:net"; L3: import { dirname, join } from "node:path"; ... L132: publicReposFree: true, L133: privateReposRequireEntitlement: true, L134: [redacted]: true ... L263: export function loadConfig(configPath) { L264: const fromFile = configPath && existsSync(configPath) ? JSON.parse(readFileSync(configPath, "utf8")) : {}; L265: return loadConfigFromObject(fromFile); ... L268: const merged = deepMerge(DEFAULT_CONFIG, fromFile); L269: merged.github.appId = process.env.EVAOS_REVIEW_BOT_APP_ID ?? merged.github.appId; L270: merged.github.privateKeyPath = process.env.EVAOS_REVIEW_BOT_PRIVATE_KEY_PATH ?? merged.github.privateKeyPath;
    High
    Cloud Metadata Access

    Source reaches cloud instance metadata or link-local credential endpoints.

    dist/src/config.jsView on unpkg · L1

    Findings

    2 High5 Medium5 Low
    HighCloud Metadata Accessdist/src/config.js
    HighPrevious Version Dangerous Deltadist/src/cli.js
    MediumSecret Patterndist/src/providers.js
    MediumNetwork
    MediumEnvironment Vars
    MediumInstall Persistencedist/src/cli.js
    MediumStructural Risk Force Deep Review
    LowScripts Present
    LowFilesystem
    LowHigh Entropy Strings
    LowUrl Strings
    LowNo License