registry  /  sarvam-cli  /  1.17.18

sarvam-cli@1.17.18

Sarvam CLI — an AI coding agent for the terminal, powered by Sarvam AI. A fork of opencode.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Installation retrieves an unverified platform-native executable, which the package launcher runs later. The remote binary is not included in the reviewed package source.

Static reason
One or more suspicious static signals were detected.
Trigger
`npm install` runs postinstall; an explicit `sarvam` or `sarvam-cli` command executes the binary.
Impact
A compromised or replaced release artifact can obtain arbitrary code execution when the CLI is invoked.
Mechanism
postinstall remote binary download, extraction, and launcher execution
Rationale
The source establishes an unverified install-time remote binary delivery and execution chain, so it cannot be marked clean by static inspection. Its repository- and version-aligned endpoint makes concrete malicious intent unproven; warn rather than block.
Evidence
package.jsoninstall.mjsbin/sarvam-cli.mjsbin/native/sarvam-clibin/native/sarvam-cli.exe
Network endpoints1
github.com/prashlkam/Sarvam-CLI/releases/download/v${version}/${archive}

Decision evidence

public snapshot
AI called this Suspicious at 93.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `package.json` runs `node install.mjs` as `postinstall`.
  • `install.mjs` downloads a versioned native archive from GitHub during install.
  • `install.mjs` extracts the archive and writes `bin/native/sarvam-cli`.
  • No checksum, signature, or pinned artifact digest verifies the downloaded binary.
  • `bin/sarvam-cli.mjs` executes the downloaded native binary with user arguments.
Evidence against
  • URLs are fixed to the package's declared GitHub repository and package version.
  • The JavaScript source contains no credential harvesting, broad file collection, or exfiltration.
  • No AI-agent configuration mutation, persistence hook, or destructive action is present in inspected source.
Behavioral surface
Source
ChildProcessFilesystemNetworkShell
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 4.48 KB of source, external domains: github.com

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node install.mjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node install.mjs
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
LowScripts Present
LowFilesystem
LowUrl Strings