AI Security Review
scanned 2h ago · by lpm-firewall-aiNo confirmed malicious attack surface. This is an explicit-use Redmine REST client that reads configuration and makes authenticated requests only through invoked client methods.
Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
Consumer calls `RedmineClient.fromEnv()` and a read/write client method.
Impact
Can read or modify Redmine resources authorized by the caller's configured API key.
Mechanism
Configured Redmine REST API client with optional custom CA loading.
Rationale
Source inspection shows expected, user-invoked Redmine API behavior with metadata-host and protocol restrictions. The static network and environment-variable signals are package-aligned and do not establish an unconsented or malicious chain.
Evidence
package.jsondist/config.jsdist/http.jsdist/client.jsdist/writes.jsdist/index.jsdist/issues.jsdist/mask.jsdist/errors.jsdist/types.js
Decision evidence
public snapshotAI called this Clean at 97.0% confidence as Benign with low false-positive risk.
Evidence for block
- `dist/http.js` sends API-key-authenticated HTTP requests to the configured Redmine URL.
- `dist/http.js` optionally reads a user-configured CA certificate file.
Evidence against
- `package.json` has no install or lifecycle hooks.
- `dist/index.js` only exports library APIs; importing does not initiate requests.
- `dist/config.js` requires explicit Redmine environment configuration and rejects metadata/link-local hosts.
- `dist/http.js` sends requests only when client methods are called and masks the configured API key in errors.
- No child-process, dynamic-code, payload-loading, persistence, or AI-agent control-surface logic found.
Behavioral surface
ChildProcessEnvironmentVarsFilesystemNetwork
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcedist/config.jsView file
4const LOCAL_HTTP_HOSTS = new Set(["localhost", "127.0.0.1", "redmine"]);
L5: function isPrivateIpv4(host) {
L6: const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
...
L34: }
L35: export function loadConfig(env = process.env) {
L36: const urlRaw = env.REDMINE_URL?.trim();
...
L52: message: `Invalid REDMINE_URL: ${urlRaw}`,
L53: check: ["Use an absolute URL like https://redmine.example.com"],
L54: });
High
Cloud Metadata Access
Source reaches cloud instance metadata or link-local credential endpoints.
dist/config.jsView on unpkg · L4•matchType = previous_version_dangerous_delta
matchedPackage = redmine-devrelay-client@0.1.1
matchedIdentity = npm:cmVkbWluZS1kZXZyZWxheS1jbGllbnQ:0.1.1
similarity = 0.429
summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/config.jsView on unpkgFindings
2 High2 Medium4 Low
HighCloud Metadata Accessdist/config.js
HighPrevious Version Dangerous Deltadist/config.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings