registry  /  rastack  /  0.0.38

rastack@0.0.38

AI Security Review

scanned 2d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package exposes user-invoked self-update, local code generation, and opt-in AWS/GitHub deployment tooling; no install-time or import-time execution was found.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
Explicit `rastack update`, `rastack init`, `rastack ci`, `rastack deploy`, or other CLI invocation.
Impact
Authorized package updates or project/cloud changes only when the developer invokes the corresponding command.
Mechanism
User-directed CLI subprocesses, project file generation, and optional AWS deployment.
Rationale
Static hints reflect normal CLI/deployment primitives. Direct source inspection found no lifecycle-triggered behavior, credential harvesting, covert network exfiltration, remote payload execution, persistence, or AI-agent control-surface mutation.
Evidence
package.jsonruntime.tssrc/rastack.tssrc/rastack-update.tssrc/rastack-init.tssrc/deploy/io.tssrc/deploy/ci.tsprovider/wasm.ts.rastack/deploy.json.github/workflows/ci.yml.github/workflows/deploy-backend.ymltokens.rastack.jsontokens.csstokens.ts

Decision evidence

public snapshot
AI called this Clean at 96.0% confidence as Benign with low false-positive risk.
Evidence for block
  • `src/rastack-update.ts` invokes npm only for explicit `rastack update` commands.
  • `src/rastack-init.ts` writes project deployment config/workflows and invokes AWS only after explicit init flow.
  • `src/deploy/io.ts` runs fixed `aws` argv via `execFileSync`, not hidden lifecycle code.
  • `src/rastack.ts` dispatches user-supplied CLI subcommands to package scripts.
Evidence against
  • `package.json` has no preinstall, install, postinstall, prepare, or publish lifecycle hook.
  • `runtime.ts` only re-exports library modules; importing it does not execute CLI/deploy code.
  • No source references AI-agent control directories, shell profiles, SSH material, npm credentials, or exfiltration endpoints.
  • `provider/wasm.ts` uses dynamic import solely to load the package's generated WASM bundle.
  • Network schema retrieval is caller-directed URL input in `src/schema-fetch.ts` and `src/schema/fetch-schema.ts`.
  • Deployment endpoints and AWS resources are derived from explicit project configuration.
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsEvalFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 172 file(s), 710 KB of source, external domains: 127.0.0.1, www.w3.org

Source & flagged code

5 flagged · loading source
dist/deploy/io.jsView file
52exports.withPrompt = withPrompt; L53: const child_process_1 = require("child_process"); L54: const fs = __importStar(require("fs"));
High
Child Process

Package source references child process execution.

dist/deploy/io.jsView on unpkg · L52
provider/wasm.tsView file
12// eslint-disable-next-line no-new-func L13: new Function("s", "return import(s)") as any; L14:
Low
Eval

Package source references a known benign dynamic code generation pattern.

provider/wasm.tsView on unpkg · L12
dist/rastack-compile.jsView file
12Object.defineProperty(exports, "__esModule", { value: true }); L13: const compile_1 = require("./compile"); L14: const DEFAULT_RESOURCES = "resources";
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/rastack-compile.jsView on unpkg · L12
src/rastack-update.tsView file
14* prefix (`~/.rastack`, via the hosted installer). Updating re-runs L15: * `npm install -g rastack@<target>` against that SAME prefix — derived from where L16: * the running CLI lives — so it never scatters a second copy into npm's default ... L19: L20: import { execFileSync } from "child_process"; L21: import { readFileSync } from "fs";
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

src/rastack-update.tsView on unpkg · L14
dist/deploy/config.jsView file
matchType = previous_version_dangerous_delta matchedPackage = rastack@0.0.37 matchedIdentity = npm:cmFzdGFjaw:0.0.37 similarity = 0.958 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/deploy/config.jsView on unpkg

Findings

1 Critical3 High4 Medium5 Low
CriticalPrevious Version Dangerous Deltadist/deploy/config.js
HighChild Processdist/deploy/io.js
HighShell
HighRuntime Package Installsrc/rastack-update.ts
MediumDynamic Requiredist/rastack-compile.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvalprovider/wasm.ts
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings