registry  /  projen  /  0.101.14

projen@0.101.14

CDK for software projects

AI Security Review

scanned 38m ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No install-time attack path is present. An explicit `AiInstructions` API can synthesize project-local instruction files for several AI coding agents; this is a guarded control-surface capability rather than a confirmed malicious chain.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
Caller instantiates `AiInstructions` and synthesizes the project.
Impact
Can influence configured coding agents within that project after explicit opt-in.
Mechanism
Writes selected AI-agent instruction files as generated project files.
Rationale
No concrete malicious behavior was found. The explicit multi-agent control-surface writer warrants a warning under the supplied policy, but not a block.
Evidence
package.jsonbin/projenlib/cli/index.jslib/projects.jslib/run-task.cjslib/ai-instructions.jslib/file.jslib/util/exec.jslib/javascript/biome/biome.jslib/cdk/index.js

Decision evidence

public snapshot
AI called this Suspicious at 91.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `lib/ai-instructions.js` provides an opt-in component that generates `AGENTS.md`, `CLAUDE.md`, Cursor, Copilot, Amazon Q, and Kiro instruction files.
  • Those files are created during project synthesis after a caller instantiates `AiInstructions`; defaults target all supported agents.
Evidence against
  • `package.json` has no `preinstall`, `install`, `postinstall`, or `prepare` lifecycle hook.
  • `bin/projen` invokes the CLI only after explicit execution.
  • `lib/ai-instructions.js` has no package-internal `new AiInstructions` call; it is an exported API.
  • `lib/run-task.cjs` runs consuming-project task manifests only after explicit task invocation.
  • No package-owned endpoint, credential exfiltration, remote payload fetch, or destructive chain was found.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 229 file(s), 5.02 MB of source, external domains: aws.amazon.com, biomejs.dev, bit.ly, docs.aws.amazon.com, github.com, maven.apache.org, nextjs.org, nodejs.org, parceljs.org, projen.io, python-poetry.org, reactjs.org, registry.npmjs.org, test.pypi.org, vercel.com, www.npmjs.com, www.w3.org

Source & flagged code

9 flagged · loading source
lib/run-task.cjsView file
5907patternName = aws_access_key severity = critical line = 5907 matchedText = var byte...=");
Critical
Critical Secret

Package contains a critical-looking secret pattern.

lib/run-task.cjsView on unpkg · L5907
5907patternName = aws_access_key severity = critical line = 5907 matchedText = var byte...=");
Critical
Secret Pattern

AWS access key ID in lib/run-task.cjs

lib/run-task.cjsView on unpkg · L5907
9332patternName = aws_access_key severity = critical line = 9332 matchedText = var byte...0");
Critical
Secret Pattern

AWS access key ID in lib/run-task.cjs

lib/run-task.cjsView on unpkg · L9332
874Cross-file remote execution chain: lib/run-task.cjs spawns lib/tasks.js; helper contains network access plus dynamic code execution. L874: graph[models[i]] = { L875: // http://jsperf.com/1-vs-infinity L876: // micro-opt, but this is simple. ... L1202: } L1203: if (process.platform === "win32") { L1204: const osRelease = os2.release().split("."); ... L1247: supportsColor: getSupportLevel, L1248: stdout: translateLevel(supportsColor(true, tty2.isatty(1))), L1249: stderr: translateLevel(supportsColor(true, tty2.isatty(2))) ... L1316: if (u && !bracket && c.length === 5 || c[0] === "x" && c.length === 3) { L1317: return String.fromCharCode(parseInt(c.slice(1), 16)); L1318: }
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

lib/run-task.cjsView on unpkg · L874
lib/util/exec.jsView file
38exports.systemShell = systemShell; L39: const child_process = __importStar(require("child_process")); L40: const fs = __importStar(require("fs"));
High
Child Process

Package source references child process execution.

lib/util/exec.jsView on unpkg · L38
lib/javascript/node-project.jsView file
412if (release || shouldPackage) { L413: this.packageTask.execArgs([ L414: "mkdir",
High
Shell

Package source references shell execution.

lib/javascript/node-project.jsView on unpkg · L412
lib/cdk/index.jsView file
16Object.defineProperty(exports, "__esModule", { value: true }); L17: __exportStar(require("./construct-lib"), exports); L18: __exportStar(require("./jsii-docgen"), exports);
Medium
Dynamic Require

Package source references dynamic require/import behavior.

lib/cdk/index.jsView on unpkg · L16
lib/projects.jsView file
74try { L75: return path.dirname(require.resolve(path.join(moduleName, "package.json"), { L76: paths: [process.cwd()], L77: })); ... L127: const postSynth = opts.post ?? true; L128: process.env.PROJEN_DISABLE_POST = (!postSynth).toString(); L129: process.env.PROJEN_CREATE_PROJECT = "true"; ... L131: } L132: //# sourceMappingURL=data:application/json;base64,[redacted]...
Medium
Unsafe Vm Context

Package source executes code through a VM context API.

lib/projects.jsView on unpkg · L74
lib/javascript/biome/biome.jsView file
matchType = previous_version_dangerous_delta matchedPackage = projen@0.101.11 matchedIdentity = npm:cHJvamVu:0.101.11 similarity = 0.983 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

lib/javascript/biome/biome.jsView on unpkg

Findings

4 Critical3 High5 Medium4 Low
CriticalCritical Secretlib/run-task.cjs
CriticalPrevious Version Dangerous Deltalib/javascript/biome/biome.js
CriticalSecret Patternlib/run-task.cjs
CriticalSecret Patternlib/run-task.cjs
HighChild Processlib/util/exec.js
HighShelllib/javascript/node-project.js
HighCross File Remote Execution Contextlib/run-task.cjs
MediumDynamic Requirelib/cdk/index.js
MediumUnsafe Vm Contextlib/projects.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings