AI Security Review
scanned 5d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. The package is a bundled Vue 2 component/toolkit library with user-invoked HTTP/auth helpers and UI utilities.
Static reason
One or more suspicious static signals were detected.
Trigger
Importing the library or loading lib/demo.html in a browser
Impact
Package-aligned browser behavior; no install-time execution or covert host compromise observed
Mechanism
Vue plugin registration and browser utility/helper functions
Rationale
Static inspection found noisy scanner primitives in minified bundled frontend dependencies and package-aligned auth/request utilities, but no concrete malicious behavior. With no lifecycle hooks, shell execution, persistence, or exfiltration path, this should be marked clean.
Evidence
package.jsonREADME.mdlib/pier.common.jslib/pier.umd.jslib/pier.umd.min.jslib/demo.html
Network endpoints4
login.sichuanair.comlocalhost192.168.199.205:5401${location.host}/#login
Decision evidence
public snapshotAI called this Clean at 88.0% confidence as Benign with low false-positive risk.
Evidence for block
- package.json declares dependency "fs" but it is the npm security placeholder, not a lifecycle hook or bundled payload.
- lib bundles browser request/auth helpers with endpoints such as login.sichuanair.com and an internal IP.
- Bundled code references document.cookie/localStorage in auth/cache helpers.
Evidence against
- package.json has no preinstall/install/postinstall lifecycle scripts and main is lib/pier.common.js.
- Package contains only README.md, package.json, and built lib/demo/html/js files.
- lib/pier.common.js exports Vue components/utilities and installs only when user imports or window.Vue exists.
- eval/Function/crypto hits appear in bundled dependencies/polyfills such as moment/xlsx/crypto-js patterns, not custom loader code.
- No child_process, shell execution, persistence, destructive writes, credential harvesting, or exfiltration flow found.
Behavioral surface
ChildProcessCryptoEvalShell
HighEntropyStringsMinifiedTrivialUrlStrings
Source & flagged code
3 flagged · loading sourcelib/pier.umd.min.jsView file
1((e,t)=>{"object"==typeof exports&&"object"==typeof module?module.exports=t(require("vue")):"function"==typeof define&&define.amd?define([],t):"object"==typeof exports?exports.pier...
Low
Eval
Package source references a known benign dynamic code generation pattern.
lib/pier.umd.min.jsView on unpkg · L11((e,t)=>{"object"==typeof exports&&"object"==typeof module?module.exports=t(require("vue")):"function"==typeof define&&define.amd?define([],t):"object"==typeof exports?exports.pier...
Low
Weak Crypto
Package source references weak cryptographic algorithms.
lib/pier.umd.min.jsView on unpkg · L1package.jsonView file
•Runtime dependency names matching Node built-ins: fs
High
Node Builtin Dependency Squat
Package declares a runtime dependency whose name matches a Node built-in module.
package.jsonView on unpkgFindings
1 High5 Low
HighNode Builtin Dependency Squatpackage.json
LowScripts Present
LowEvallib/pier.umd.min.js
LowWeak Cryptolib/pier.umd.min.js
LowHigh Entropy Strings
LowUrl Strings