registry  /  screenpool  /  0.2.0

screenpool@0.2.0

Lightweight in-process rendering pool for Node.js — screenshots and PDFs via a fixed Chromium worker pool

AI Security Review

scanned 50m ago · by lpm-firewall-ai

No confirmed malicious attack surface was found. Runtime network access is package-aligned browser rendering of caller-supplied URLs, with default SSRF-style blocks for local and metadata targets.

Static reason
One or more suspicious static signals were detected.
Trigger
User imports API, starts ScreenPool/HTTP server, or runs the screenpool CLI.
Impact
Can fetch and render user-requested web pages; no evidence of unconsented install-time execution or data exfiltration.
Mechanism
Headless Chromium screenshot/PDF/extraction pool with guarded URL validation.
Rationale
The suspicious metadata strings are part of a default denylist, and process/env/file primitives are aligned with Chromium resolution, memory checks, and explicit CLI output. Source inspection found no concrete malicious chain or install-time behavior.
Evidence
package.jsondist/index.jsdist/cli.jsdist/http/createScreenPoolServer.jsdist/cli.js writes caller-requested output filesdist/index.js reads /proc/<pid>/status on Linux
Network endpoints3
metadata.google.internalmetadata169.254.169.254

Decision evidence

public snapshot
AI called this Clean at 92.0% confidence as Benign with low false-positive risk.
Evidence for block
  • dist/index.js and dist/cli.js launch Chromium and navigate to user-provided URLs at runtime.
  • dist/index.js supports user-provided injectJS via page.evaluate, a dual-use rendering feature.
  • dist/cli.js can write rendered outputs to user-specified paths; absolute paths are allowed by design.
Evidence against
  • package.json has no install/preinstall/postinstall hooks; only prepublishOnly build script.
  • dist/index.js blocks file://, localhost, private/link-local networks, 169.254.169.254, and metadata hostnames by default.
  • dist/index.js child_process usage is limited to execFile('ps', ...) for browser memory measurement.
  • No credential harvesting, exfiltration endpoints, payload download, persistence, destructive behavior, or AI-agent control writes found.
  • dist/http/createScreenPoolServer.js exposes render routes only when user explicitly starts the server.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemShell
Supply chainNo supply-chain packaging signals triggered.
ManifestNo manifest risk signals triggered.
scanned 3 file(s), 112 KB of source

Source & flagged code

1 flagged · loading source
dist/index.jsView file
31function resolveConfig(config) { L32: const outputDir = config.outputDir ?? config.storage?.outputDir ?? process.env.SCREENPOOL_OUTPUT_DIR ?? DEFAULT_OUTPUT_DIR; L33: const tempDir = config.storage?.tempDir ?? process.env.SCREENPOOL_TEMP_DIR ?? `${os.tmpdir()}/screenpool`; ... L44: allowLocalhost: config.allowLocalhost ?? false, L45: allowPrivateNetworks: config.allowPrivateNetworks ?? false, L46: allowFileProtocol: config.allowFileProtocol ?? false, ... L226: } L227: dirs.add(join(homedir(), ".cache", "puppeteer")); L228: dirs.add(process.cwd()); ... L409: // src/utils/processMemory.ts L410: import { execFile } from "child_process"; L411: import { readFile } from "fs/promises";
High
Cloud Metadata Access

Source reaches cloud instance metadata or link-local credential endpoints.

dist/index.jsView on unpkg · L31

Findings

1 High1 Medium3 Low
HighCloud Metadata Accessdist/index.js
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem