registry  /  rastack  /  0.0.44

rastack@0.0.44

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Explicit `rastack init`, `bootstrap`, `deploy`, `seed`, and `update` commands can modify the caller's project, cloud infrastructure, GitHub repository variables, or installed CLI. No install-time or import-time attack behavior was found.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs privileged CLI subcommands such as `rastack init`, `bootstrap`, `deploy`, `seed`, or `update`.
Impact
Authorized but high-impact developer-environment and cloud-deployment actions; no confirmed covert attack chain.
Mechanism
User-invoked project scaffolding, AWS/GitHub CLI orchestration, self-update, and local process execution.
Rationale
Source inspection does not support a malicious verdict, but the package exposes real high-impact deployment and self-update capabilities. Flag it for warning rather than blocking so users can assess its intended cloud and repository mutations.
Evidence
package.jsonsrc/rastack.tssrc/rastack-init.tssrc/rastack-bootstrap.tssrc/rastack-update.tssrc/deploy/io.tssrc/seed.tssrc/update.ts.rastack/deploy.json.github/workflows/ci.yml.github/workflows/deploy-backend.yml.rastack/tmp/seed.py
Network endpoints2
github.comcognito-idp.${cfg.region}.amazonaws.com/${cfg.outputs.userPoolId}

Decision evidence

public snapshot
AI called this Suspicious at 84.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • `src/rastack-init.ts` writes `.github/workflows/*` and `.rastack/*` on explicit `rastack init`.
  • `src/deploy/io.ts` invokes the user's `aws` and `gh` CLIs for deployment and GitHub variable setup.
  • `src/rastack-update.ts` explicitly runs `npm install -g rastack[@version]` for self-update.
  • `src/rastack.ts` dispatches user CLI arguments through child-process calls; `src/seed.ts` runs a generated Python seed script.
Evidence against
  • `package.json` has no `preinstall`, `install`, `postinstall`, or other lifecycle hook.
  • No source evidence of credential harvesting, hidden persistence, destructive deletion, or secret exfiltration.
  • AWS/GitHub operations are reached only through named user CLI commands and interactive confirmation where TTY is available.
  • `src/update.ts` restricts update versions; POSIX npm/AWS/GitHub calls use argument-array execution without a shell.
  • Dynamic imports load the package's WASM/admin assets, not a remote payload.
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsEvalFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 188 file(s), 1.12 MB of source, external domains: 127.0.0.1, cli.github.com, react.dev, www.w3.org

Source & flagged code

8 flagged · loading source
dist/deploy/io.jsView file
57exports.withPrompt = withPrompt; L58: const child_process_1 = require("child_process"); L59: const fs = __importStar(require("fs"));
High
Child Process

Package source references child process execution.

dist/deploy/io.jsView on unpkg · L57
src/rastack-update.tsView file
58* `npm.cmd` shim through a shell; we pass one command string to `execSync` L59: * rather than an args array with `shell: true` (Node 22+ DEP0190 — args would be L60: * concatenated unescaped). The only non-literal token, the version, is already
High
Shell

Package source references shell execution.

src/rastack-update.tsView on unpkg · L58
dist/admin.jsView file
8Error generating stack: `+a.message+` L9: `+a.stack}}var dc=Object.prototype.hasOwnProperty,ns=Se.unstable_scheduleCallback,zr=Se.unstable_cancelCallback,Tb=Se.unstable_shouldYield,Eb=Se.unstable_requestPaint,Ie=Se.unstabl... L10: `).replace(cv,"")}function By(e,t){return t=Qm(t),Qm(e)===t}function J(e,t,n,a,l,i){switch(n){case"children":typeof a=="string"?t==="body"||t==="textarea"&&a===""||Fa(e,a):(typeof ... ... L17: `,u+1),r=o===-1?"":i.slice(o+1);String(a.stack).endsWith(r)||(a.stack+=` L18: `+i)}}catch{}}throw a}}_request(t,n){typeof t=="string"?(n=n||{},n.url=t):n=t||{},n=Rt(this.defaults,n);let{transitional:a,paramsSerializer:l,headers:i}=n;a!==void 0&&ji.assertOpti... L19: ${l.join(`
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/admin.jsView on unpkg · L8
17`,u+1),r=o===-1?"":i.slice(o+1);String(a.stack).endsWith(r)||(a.stack+=` L18: `+i)}}catch{}}throw a}}_request(t,n){typeof t=="string"?(n=n||{},n.url=t):n=t||{},n=Rt(this.defaults,n);let{transitional:a,paramsSerializer:l,headers:i}=n;a!==void 0&&ji.assertOpti... L19: ${l.join(`
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/admin.jsView on unpkg · L17
dist/rastack-compile.jsView file
12Object.defineProperty(exports, "__esModule", { value: true }); L13: const compile_1 = require("./compile"); L14: const DEFAULT_RESOURCES = "resources";
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/rastack-compile.jsView on unpkg · L12
src/rastack-dev.tsView file
19Cross-file remote execution chain: src/rastack-dev.ts spawns dist/admin.js; helper contains network access plus dynamic code execution. L19: L20: import { execFileSync, spawnSync } from "child_process"; L21: import * as fs from "fs"; L22: import * as http from "http"; L23: import * as path from "path"; ... L31: L32: const HERE = __dirname; // dist/ when installed L33: ... L91: if (target !== safeRoot && !target.startsWith(safeRoot + path.sep)) { L92: res.writeHead(403).end("Forbidden"); L93: return; ... L117: const cmd =
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

src/rastack-dev.tsView on unpkg · L19
dist/wasm/rastack_wasm_bg.wasmView file
path = dist/wasm/rastack_wasm_bg.wasm kind = wasm_module sizeBytes = 9569587 magicHex = [redacted]
Medium
Ships Wasm Module

Package ships WebAssembly modules.

dist/wasm/rastack_wasm_bg.wasmView on unpkg
dist/rastack-dev.jsView file
matchType = previous_version_dangerous_delta matchedPackage = rastack@0.0.43 matchedIdentity = npm:cmFzdGFjaw:0.0.43 similarity = 0.867 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/rastack-dev.jsView on unpkg

Findings

1 Critical4 High5 Medium6 Low
CriticalPrevious Version Dangerous Deltadist/rastack-dev.js
HighChild Processdist/deploy/io.js
HighShellsrc/rastack-update.ts
HighSame File Env Network Executiondist/admin.js
HighCross File Remote Execution Contextsrc/rastack-dev.ts
MediumDynamic Requiredist/rastack-compile.js
MediumNetwork
MediumEnvironment Vars
MediumShips Wasm Moduledist/wasm/rastack_wasm_bg.wasm
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvaldist/admin.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings