registry  /  shadcn-vue  /  2.8.0

shadcn-vue@2.8.0

Add components to your apps.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
User runs `shadcn-vue mcp init` and selects a non-Codex client.
Impact
Persists an MCP server launch command in the selected project configuration; later client startup can invoke the package.
Mechanism
Explicit project-local MCP configuration and dependency setup.
Rationale
No concrete malware, credential theft, destructive action, stealth persistence, or install-time control-surface mutation was found. Per policy, the explicit MCP client configuration mutation warrants a warning rather than a block.
Evidence
package.jsondist/index.jsdist/mcp-C4LGMHOi.jsdist/registry-C1OCR6fn.js.mcp.json.cursor/mcp.json.vscode/mcp.jsonopencode.json
Network endpoints1
shadcn-vue.com/r

Decision evidence

public snapshot
AI called this Suspicious at 89.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • `dist/index.js` exposes explicit `mcp init` commands that write selected project AI-client MCP config files.
  • The generated MCP entries invoke `npx shadcn-vue@latest mcp`, leaving a mutable package tag in the client configuration.
  • `mcp init` also adds `shadcn-vue@latest` as a project dev dependency.
Evidence against
  • `package.json` has no `preinstall`, `install`, `postinstall`, or `prepare` lifecycle hook.
  • MCP configuration mutation requires an explicit `shadcn-vue mcp init --client ...` command.
  • For Codex, `dist/index.js` prints instructions for `~/.codex/config.toml` rather than writing it.
  • Registry networking is CLI functionality; the default registry is `https://shadcn-vue.com/r` and registry headers come from user configuration.
  • No `eval`, `Function`, VM, native binary loading, credential harvesting, or automatic exfiltration was found.
  • `dist/index.js` validates registry file targets before component installation.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 11 file(s), 306 KB of source, external domains: fonts.googleapis.com, github.com, opencode.ai, shadcn-vue.com, tailwindcss.com

Source & flagged code

1 flagged · loading source
dist/index.jsView file
Published source reference
Medium
Ai Review Evidence

`dist/index.js` exposes explicit `mcp init` commands that write selected project AI-client MCP config files.

dist/index.jsView on unpkg

Findings

5 Medium4 Low
MediumNetwork
MediumEnvironment Vars
MediumAi Review Evidencedist/index.js
MediumAi Review Evidence
MediumSuspicious Dependency Evidence
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings