registry  /  notecraftapp  /  0.1.1

notecraftapp@0.1.1

由 AI 生成視覺化與動態互動元件、嵌入筆記的個人筆記 Web App。用 npx 一行指令在任何 md/mdx 資料夾啟動漂亮 UI。

AI Security Review

scanned 1h ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. The package provides a NoteCraft CLI that stages its own app under the user's home directory, installs dependencies there, and runs local Astro/viewer commands when invoked.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs the notecraftapp CLI, especially view/build/serve.
Impact
Creates ~/.notecraft app/cache data and may start local dev/static servers; no confirmed exfiltration or unauthorized control-surface mutation.
Mechanism
user-invoked first-party app staging and local viewer/build execution
Rationale
Static inspection found risky primitives in the CLI, but they are aligned with a user-invoked local note viewer/build tool and there are no install lifecycle hooks, remote payload execution, credential theft, or foreign AI-agent control-surface writes. The runtime npm install is first-party app setup under ~/.notecraft rather than unconsented package-install execution.
Evidence
package.jsonbin/notecraftapp.mjssrc/dev-api/handlers.mjssrc/components/islands/PagefindSearch.tsx~/.notecraft/app-<version>/~/.notecraft/cache/<hash>/dist/

Decision evidence

public snapshot
AI called this Clean at 87.0% confidence as Benign with low false-positive risk.
Evidence for block
  • package.json exposes bin notecraftapp at ./bin/notecraftapp.mjs.
  • bin/notecraftapp.mjs copies package files into ~/.notecraft/app-<version> on first CLI run.
  • bin/notecraftapp.mjs runs npm install --omit=dev in the copied first-party app directory during first CLI run.
  • bin/notecraftapp.mjs spawns astro dev/build and local browser opener for view/build/serve subcommands.
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle scripts.
  • Risky behavior is user-invoked through the CLI, not automatic on package install or import.
  • No credential harvesting, destructive deletion, persistence outside app/cache paths, or exfiltration endpoint found in inspected source.
  • Network-facing code is local HTTP/dev serving for the note viewer; no remote C2 or payload endpoint found.
  • src/dev-api/handlers.mjs limits write APIs to localhost and bounds note paths with path/realpath checks.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 34 file(s), 219 KB of source, external domains: 127.0.0.1

Source & flagged code

5 flagged · loading source
bin/notecraftapp.mjsView file
matchType = previous_version_dangerous_delta matchedPackage = notecraftapp@0.1.0 matchedIdentity = npm:bm90ZWNyYWZ0YXBw:0.1.0 similarity = 0.941 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

bin/notecraftapp.mjsView on unpkg
9import { defineCommand, runMain } from "citty"; L10: import { spawn, spawnSync } from "node:child_process"; L11: import { createServer } from "node:http";
High
Child Process

Package source references child process execution.

bin/notecraftapp.mjsView on unpkg · L9
65console.log(`[notecraftapp] 安裝相依(npm install)…`); L66: const install = spawnSync("npm", ["install", "--omit=dev", "--no-audit", "--no-fund"], { L67: cwd: stableAppRoot, ... L70: if (install.status !== 0) { L71: console.error("[notecraftapp] npm install 失敗"); L72: process.exit(install.status ?? 1);
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

bin/notecraftapp.mjsView on unpkg · L65
9import { defineCommand, runMain } from "citty"; L10: import { spawn, spawnSync } from "node:child_process"; L11: import { createServer } from "node:http"; L12: import { promises as fs, existsSync, readFileSync, statSync } from "node:fs"; ... L20: const packageRoot = path.resolve(path.dirname(__filename), ".."); L21: const pkgJson = JSON.parse(readFileSync(path.join(packageRoot, "package.json"), "utf-8")); L22: ... L32: L33: const stableAppRoot = path.join(os.homedir(), ".notecraft", `app-${pkgJson.version}`); L34: L35: function isDevSource() { L36: if (process.env.NOTECRAFTAPP_DEV === "1") return true;
Low
Weak Crypto

Package source references weak cryptographic algorithms.

bin/notecraftapp.mjsView on unpkg · L9
src/components/islands/PagefindSearch.tsxView file
29const url = "/pagefind/" + "pagefind.js"; L30: const mod = await import(/* @vite-ignore */ url); L31: if (cancelled) return;
Medium
Dynamic Require

Package source references dynamic require/import behavior.

src/components/islands/PagefindSearch.tsxView on unpkg · L29

Findings

1 Critical3 High4 Medium5 Low
CriticalPrevious Version Dangerous Deltabin/notecraftapp.mjs
HighChild Processbin/notecraftapp.mjs
HighShell
HighRuntime Package Installbin/notecraftapp.mjs
MediumDynamic Requiresrc/components/islands/PagefindSearch.tsx
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowWeak Cryptobin/notecraftapp.mjs
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings