registry  /  payservedb  /  9.2.4

payservedb@9.2.4

AI Security Review

scanned 12d ago · by lpm-firewall-ai

No confirmed malicious attack surface found. Runtime network activity is limited to caller-supplied MongoDB connections and stored API configuration schemas/helpers.

Static reason
One or more suspicious static signals were detected.
Trigger
User imports package and explicitly calls exported connection/config helpers.
Impact
No install-time execution, credential harvesting, persistence, destructive behavior, or exfiltration identified.
Mechanism
Mongoose model exports and database connection helpers
Rationale
Static inspection shows a database model package with user-invoked MongoDB/third-party configuration helpers; scanner hits are explained by dotenv, local model requires, and schema fields. The packaged .env/default credentials are poor hygiene but do not establish malicious behavior against consumers.
Evidence
package.jsonindex.js.envsrc/models/facility_etims_config.jssrc/models/zohoIntegration.js
Network endpoints2
www.zohoapis.com/books/v3102.217.144.50:8888/api/v1/

Decision evidence

public snapshot
AI called this Clean at 90.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • package.json has no install/preinstall/postinstall/prepare lifecycle scripts or bin entry.
  • index.js exports Mongoose connection helpers and model registry; MongoDB connections are user-invoked.
  • Dynamic require in index.js is bounded to static local model paths from moveInModelDefs.
  • src/models files inspected are Mongoose schemas/models, not shell/eval/fs payloads.
  • Network URLs found are package-aligned API config defaults, not exfiltration code.
Evidence against
  • .env is packaged with database-looking User/Password values, but code does not harvest or exfiltrate them.
  • src/models/facility_etims_config.js has admin/admin fallback defaults for an ETIMS config helper.
Behavioral surface
Source
DynamicRequireEnvironmentVars
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 225 file(s), 501 KB of source, external domains: 102.217.144.50, example.com, www.zohoapis.com

Source & flagged code

2 flagged · loading source
2patternName = blocked_file severity = critical matchedText = .env redactedSecretContext = secretLikeLines = 1 L2: Password=<redacted:10 value>
Critical
Critical Secret

Package contains a critical-looking secret pattern.

.envView on unpkg · L2
index.jsView file
1const mongoose = require("mongoose"); L2: const whatsapp_conversation = require("./src/models/whatsapp_conversation");
Medium
Dynamic Require

Package source references dynamic require/import behavior.

index.jsView on unpkg · L1

Findings

1 Critical2 Medium2 Low
CriticalCritical Secret.env
MediumDynamic Requireindex.js
MediumEnvironment Vars
LowScripts Present
LowUrl Strings