AI Security Review
scanned 1h ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. The package provides a NoteCraft CLI that stages its own app under the user's home directory, installs dependencies there, and runs local Astro/viewer commands when invoked.
Decision evidence
public snapshot- package.json exposes bin notecraftapp at ./bin/notecraftapp.mjs.
- bin/notecraftapp.mjs copies package files into ~/.notecraft/app-<version> on first CLI run.
- bin/notecraftapp.mjs runs npm install --omit=dev in the copied first-party app directory during first CLI run.
- bin/notecraftapp.mjs spawns astro dev/build and local browser opener for view/build/serve subcommands.
- package.json has no preinstall/install/postinstall lifecycle scripts.
- Risky behavior is user-invoked through the CLI, not automatic on package install or import.
- No credential harvesting, destructive deletion, persistence outside app/cache paths, or exfiltration endpoint found in inspected source.
- Network-facing code is local HTTP/dev serving for the note viewer; no remote C2 or payload endpoint found.
- src/dev-api/handlers.mjs limits write APIs to localhost and bounds note paths with path/realpath checks.
Source & flagged code
5 flagged · loading sourceThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
bin/notecraftapp.mjsView on unpkgPackage source references child process execution.
bin/notecraftapp.mjsView on unpkg · L9Package source invokes a package manager install command at runtime.
bin/notecraftapp.mjsView on unpkg · L65Package source references weak cryptographic algorithms.
bin/notecraftapp.mjsView on unpkg · L9Package source references dynamic require/import behavior.
src/components/islands/PagefindSearch.tsxView on unpkg · L29