registry  /  readme-guardian  /  1.0.0

readme-guardian@1.0.0

The README freshness guarantee for vibe coders. Auto-syncs README.md with live data before every push.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

The npm package performs unconsented install-time setup of a Python package via pipx. Runtime bin execution can also install or run the external Python package and shell-delegates arguments.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
npm install postinstall lifecycle, or running the readme-guardian/readme-sync bin
Impact
Remote package installation and code execution outside npm's package contents during install/runtime.
Mechanism
install hook invokes pipx install and wrapper delegates via execSync
Rationale
Source inspection confirms install-time execution of an external package installer, which creates a concrete unconsented remote-code installation path beyond a benign npm wrapper. No evidence of credential theft or exfiltration was found, but the lifecycle hook itself is sufficient to block. Product guard normalized a non-low false-positive publish_block request to warn-only suspicious.
Evidence
package.jsoncli.js

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Malware with medium false-positive risk.
Evidence for warning
  • package.json defines postinstall running child_process.execSync('pipx install readme-guardian') during npm install.
  • cli.js auto-installs the Python CLI with 'pipx install readme-guardian' when the command is missing.
  • cli.js delegates arbitrary user args through shell-interpolated execSync commands.
  • The package contains only package.json and cli.js; npm package is mainly an install/delegation wrapper for a remote Python package.
Evidence against
  • No credential harvesting, filesystem enumeration, destructive commands, or explicit exfiltration found in package source.
  • No hardcoded attacker C2 URL or token found.
  • The pipx package name matches the npm package name, suggesting package-aligned delegation rather than typosquat redirection.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemShell
Supply chainNo supply-chain packaging signals triggered.
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 2.25 KB of source

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node -e "try{require('child_process').execSync('pipx install readme-guardian 2>/dev/null',{stdio:'pipe'})}catch(e){}"
Critical
Red Install Lifecycle Script

Install-time lifecycle script matches a deterministic static-gate block pattern.

package.jsonView on unpkg
scripts.postinstall = node -e "try{require('child_process').execSync('pipx install readme-guardian 2>/dev/null',{stdio:'pipe'})}catch(e){}"
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg

Findings

1 Critical1 High1 Medium2 Low
CriticalRed Install Lifecycle Scriptpackage.json
HighInstall Time Lifecycle Scriptspackage.json
MediumEnvironment Vars
LowScripts Present
LowFilesystem