registry  /  slds-lsp-client  /  2026.7.11

slds-lsp-client@2026.7.11

A utility package that reports runtime errors to Sentry using @sentry/node.

AI Security Review

scanned 3h ago · by lpm-firewall-ai

Install-time execution sends a deliberately generated error event to a package-controlled Sentry project. It first queries a Cloudflare trace endpoint and associates the installer machine's public IP with the Sentry user context.

Static reason
High-risk behavior combination matched malicious policy.; source matched previously finalized malicious package; routed for review; source fingerprint signature matched known malicious package; routed for review
Trigger
npm preinstall
Impact
Discloses the installing host's public IP and environment-associated Sentry event metadata to the package-controlled Sentry endpoint.
Mechanism
install-time public-IP collection and Sentry telemetry upload
Attack narrative
During npm preinstall, the package installs a dependency and executes its verification example. That script initializes Sentry using the embedded DSN, requests the installing machine's public IP from Cloudflare, attaches it to the Sentry user context, throws a controlled error, and flushes the resulting event to the embedded Sentry project. This is unconsented install-time telemetry collection rather than a benign package verification step.
Rationale
Source inspection confirms concrete install-time network collection and telemetry exfiltration of the installer host's public IP to a package-controlled Sentry project. No broader payload or persistence was found, but the lifecycle behavior is sufficient to block.
Evidence
package.jsonexamples/verify.jssrc/index.js
Network endpoints4
www.cloudflare.com/cdn-cgi/traceone.one.one.one/cdn-cgi/trace1.1.1.1/cdn-cgi/traced4616e08f531447bd415e91fd21940a6@o4510485815754752.ingest.us.sentry.io/4511716882972672

Decision evidence

public snapshot
AI called this Malicious at 98.0% confidence as Malware with low false-positive risk.
Evidence for block
  • package.json preinstall runs `npm install` then `examples/verify.js`.
  • examples/verify.js initializes a hard-coded Sentry DSN, resolves public IP, and flushes an error event during install.
  • src/index.js defaults Sentry to `sendDefaultPii: true`.
  • src/index.js fetches Cloudflare trace endpoints with a browser-like User-Agent and attaches the resolved IP to Sentry.
Evidence against
  • Inspected package contains only manifest, README, source, declarations, and verify example.
  • No filesystem harvesting, shell execution beyond the declared lifecycle command, eval, dynamic loading, persistence, or AI-agent configuration writes found.
  • Runtime reporting APIs require explicit consumer calls; install behavior is confined to the verification script.
Behavioral surface
Source
ChildProcessEnvironmentVarsNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 10.4 KB of source, external domains: 1.1.1.1, one.one.one.one, www.cloudflare.com

Source & flagged code

4 flagged · loading source
package.jsonView file
scripts.preinstall = npm install @sentry/node && node examples/verify.js
Critical
Red Install Lifecycle Script

Install-time lifecycle script matches a deterministic static-gate block pattern.

package.jsonView on unpkg
scripts.preinstall = npm install @sentry/node && node examples/verify.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
src/index.jsView file
matchType = normalized_sha256 matchedPackage = chat-adapter-zoom@12.1.31 matchedPath = src/index.js matchedIdentity = npm:Y2hhdC1hZGFwdGVyLXpvb20:12.1.31 similarity = 1.000 summary = normalized source hash matched finalized malicious source
High
Known Malware Source Similarity

Source file is highly similar to a previously finalized malicious package; route for source-aware review.

src/index.jsView on unpkg
matchType = malicious_source_fingerprint_signature signature = 77336ad547d16a1c signatureType = suspicious_hashes sourceLabel = final_verdict:malicious matchedPackage = chat-adapter-zoom@12.1.31 matchedPath = src/index.js matchedIdentity = npm:Y2hhdC1hZGFwdGVyLXpvb20:12.1.31 similarity = 1.000 shingleOverlap = 2 summary = package final verdict is malicious
High
Known Malware Source Fingerprint Signature

Source fingerprint signature matches a known malicious package signature; route for source-aware review.

src/index.jsView on unpkg

Findings

1 Critical3 High2 Medium3 Low
CriticalRed Install Lifecycle Scriptpackage.json
HighInstall Time Lifecycle Scriptspackage.json
HighKnown Malware Source Similaritysrc/index.js
HighKnown Malware Source Fingerprint Signaturesrc/index.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings