AI Security Review
scanned 11d ago · by lpm-firewall-aiNo confirmed malicious attack surface was found. The risky primitives are user-invoked CLI/server features for serving, fetching, loading user server code, and dev watch forking.
Static reason
One or more suspicious static signals were detected.
Trigger
User runs srvx CLI or imports srvx modules
Impact
No unauthorized execution, exfiltration, persistence, or destructive behavior identified
Mechanism
Legitimate universal server CLI and runtime adapters
Rationale
Static inspection shows a server framework with expected CLI primitives: self-forking for watch mode, dynamic import of user server entries, static file serving, and user-directed fetch/curl behavior. There are no lifecycle hooks, hidden payloads, credential collection, persistence, destructive actions, or hardcoded exfiltration endpoints.
Evidence
package.jsonbin/srvx.mjsdist/cli.mjsdist/loader.mjsdist/static.mjsdist/adapters/node.mjsdist/adapters/generic.mjsdist/_chunks/_plugins.mjs
Decision evidence
public snapshotAI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
- dist/cli.mjs imports node:child_process and forks the CLI for watch/import mode
- dist/cli.mjs implements user-invoked fetch/curl mode for arbitrary URLs
- dist/loader.mjs dynamically imports user-selected server entry files
Evidence against
- package.json has no install/postinstall lifecycle hooks
- bin/srvx.mjs only invokes dist/cli.mjs main with docs/issues metadata
- dist/cli.mjs child process forks its own CLI path with user args for dev watch behavior
- dist/loader.mjs imports local project server entries to run the advertised server framework
- No credential harvesting, persistence, destructive writes, or exfiltration endpoints found
- Network behavior is CLI/server functionality aligned with README and package purpose
Behavioral surface
ChildProcessDynamicRequireEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
WildcardDependency
Source & flagged code
4 flagged · loading sourcedist/cli.mjsView file
4import { fileURLToPath } from "node:url";
L5: import { fork } from "node:child_process";
L6: import { createReadStream, existsSync, statSync } from "node:fs";
High
372async function forkCLI(args, runtimeArgs) {
L373: const child = fork(fileURLToPath(globalThis.__SRVX_BIN__ || new URL("../bin/srvx.mjs", import.meta.url)), [...args], { execArgv: [...process.execArgv, ...runtimeArgs].filter(Boolea...
L374: child.on("error", (error) => {
High
4Cross-file remote execution chain: dist/cli.mjs spawns dist/loader.mjs; helper contains network access plus dynamic code execution.
L4: import { fileURLToPath } from "node:url";
L5: import { fork } from "node:child_process";
L6: import { createReadStream, existsSync, statSync } from "node:fs";
...
L11: try {
L12: if (!process.env.NODE_ENV) process.env.NODE_ENV = cliOpts.prod ? "production" : "development";
L13: let server;
...
L90: }
L91: async function cliFetch(cliOpts) {
L92: const stdin = cliOpts.stdin || process.stdin;
L93: const stdout = cliOpts.stdout || process.stdout;
L94: const stderr = cliOpts.stderr || process.stderr;
...
L103: if (cliOpts.verbose && loaded.url) {
High
Cross File Remote Execution Context
Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/cli.mjsView on unpkg · L4dist/loader.mjsView file
41if (opts.interceptHttpListen !== false) {
L42: const loaded = await interceptListen(() => import(url), opts);
L43: mod = loaded.res;
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/loader.mjsView on unpkg · L41Findings
3 High4 Medium4 Low
HighChild Processdist/cli.mjs
HighShelldist/cli.mjs
HighCross File Remote Execution Contextdist/cli.mjs
MediumDynamic Requiredist/loader.mjs
MediumNetwork
MediumEnvironment Vars
MediumWildcard Dependency
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings