AI Security Review
scanned 3h ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package reads lint inputs and provides user-invoked local writes for scaffolding, fixes, and baselines.
Static reason
No blocking static signals were detected.
Trigger
User runs `norma-design-lint init`, `--fix`, or `--update-baseline`.
Impact
May create or overwrite user-selected project files only when explicitly invoked; no install-time execution or network exfiltration is present.
Mechanism
Explicit local linting and project scaffolding.
Rationale
Source inspection shows a local design linter with no install lifecycle execution, networking, payload execution, or stealth persistence. Its agent-file and CI scaffolding are explicit user-command behavior and skip existing files by default.
Evidence
package.jsondist/cli.jsdist/init.jsdist/mcp.jsdist/index.jsdist/agents/AGENTS.md.normarc.json.github/workflows/design-lint.ymlAGENTS.md.norma-baseline.json
Decision evidence
public snapshotAI called this Clean at 98.0% confidence as Benign with low false-positive risk.
Evidence for block
- `dist/init.js` can scaffold `AGENTS.md` and a GitHub Actions workflow, but only through the explicit `init` command.
Evidence against
- `package.json` has no preinstall, install, postinstall, or prepare hook.
- `dist/mcp.js` is a stdio-only JSON-RPC lint server; no network client primitives found.
- No child-process, eval/vm, dynamic module loading, native binary loading, or credential harvesting found in `dist/*.js`.
- `dist/cli.js` writes only for explicit `init`, `--fix`, or `--update-baseline` actions.
- `dist/init.js` skips existing files unless the user explicitly passes `--force`.
- Bundled agent files contain design/accessibility guidance, not control-surface or exfiltration instructions.
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystem
HighEntropyStringsUrlStrings
Source & flagged code
1 flagged · loading sourcedist/init.jsView file
•Published source reference
Low
Ai Review Evidence
`dist/init.js` can scaffold `AGENTS.md` and a GitHub Actions workflow, but only through the explicit `init` command.
dist/init.jsView on unpkgFindings
1 Medium5 Low
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowAi Review Evidencedist/init.js