
startx@1.1.4

AI Security Review

scanned 13h ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is a user-invoked monorepo scaffolding CLI with template/app code and no lifecycle execution.

Static reason: High-risk behavior combination matched malicious policy.
Trigger: User runs the startx CLI commands.
Impact: Creates or updates project scaffold files selected by the user; no credential harvesting, persistence, or exfiltration confirmed.
Mechanism: Interactive scaffolding and template file generation.
Rationale: Static inspection shows suspicious primitives are package-aligned, user-invoked CLI/template functionality rather than install-time or import-time attack behavior. No unconsented AI-agent control-surface writes, credential exfiltration, persistence, or destructive behavior were found.
Evidence
• package.json
• apps/startx-cli/dist/index.mjs
• apps/startx-cli/package.json
• packages/aix/src/lib/convertor/variable-resolver.ts
• packages/aix/src/tools/system/index.ts
• apps/cli/src/commands/common/hashing.ts

Decision evidence

public snapshot
AI called this Clean at 87.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
• package.json has no npm lifecycle hooks; only bin startx points to apps/startx-cli/dist/index.mjs.
• Entrypoint is a Commander CLI; actions require user commands such as init/package add/create.
• CLI writes scaffold/template files into a user-selected workspace and prompts before overwriting nonempty targets.
• Only child_process spawn found runs the detected package manager install after an interactive dependency prompt.
• No bidi/invisible Trojan Source controls found in apps/startx-cli/dist/index.mjs; scanner likely matched normal Unicode UI symbols.
• QuickJS/vm/eval uses are source/template AI-tool features, not install-time or import-time execution/exfiltration.
Behavioral surface
Source: Child Process, Crypto, Dynamic Require, Environment Vars, Eval, Filesystem, Network, Shell
Supply chain: High Entropy Strings, Minified, Protestware, Url Strings
Manifest: No manifest risk signals triggered.
Scanned 259 file(s), 1.20 MB of source. External domains: api.anthropic.com, api.cerebras.ai, api.groq.com, api.open-meteo.com, app.com, dotenvx.com, fonts.googleapis.com, fonts.gstatic.com, geocoding-api.open-meteo.com, github.com, json-schema.org

Source & flagged code

6 flagged

apps/cli/src/commands/common/hashing.ts (line 27)
  patternName = generic_password severity = medium line = 27 matchedText = logger.i..."`);
Medium · Secret Pattern
Package contains a possible secret pattern.

packages/aix/src/lib/convertor/variable-resolver.ts (line 129)
  L129: if (v.type === "fn") { L130: parsed = eval(`(function() { L131: return (function() {
Low · Eval
Package source references a known benign dynamic code generation pattern.

apps/startx-cli/dist/index.mjs (line 177)
  contains invisible/control Unicode U+FEFF (zero width no-break space) `};delete e.items,Object.assign(e,{type:n,source:t,end:[r]});break}default:{let r=`indent`in e?e.indent:-1,i=`end`in e&&Array.isArray(e.end)?e.end.filter(e=>e.type===`space`||e.type===`comment`||e.type===`newline`):[];for(let t of Object.ke
Critical · Trojan Source Unicode
Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

apps/startx-cli/dist/index.mjs
  Trigger-reachable chain: manifest.bin -> apps/startx-cli/dist/index.mjs. Reachable file contains a blocking source-risk pattern.
Critical · Trigger Reachable Dangerous Capability
A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

apps/startx-cli/dist/index.mjs (line 61)
  L61: `)[0]}\n`),Error.captureStackTrace(this,e)}};t.exports=e=>{if(e.length>2)throw new n(e);function t(e={}){this.options=e}t.prototype.transform=e;function r(e){return new t(e)}return...
  L62: `)!=-1,a=this._styles,s=a.length;s--;){var c=i[a[s]];e=c.open+e.replace(c.closeRe,c.open)+c.close,t&&(e=e.replace(o,function(e){return c.close+e+c.open}))}return e}n.setTheme=funct...
  L63: `));return!0}t.exports=(...e)=>{let t=n(r(e)),i=t();return i.Format=t.Format,i},t.exports.cascade=r})),vg=v(((e,t)=>{let{hasOwnProperty:n}=Object.prototype,r=_();r.configure=_,r.st...
Medium · Dynamic Require
Package source references dynamic require/import behavior.

packages/aix/src/tools/system/index.ts (line 233)
  L233: try { L234: contextValue = JSON.parse(contextValue); L235: } catch {
Medium · Unsafe Vm Context
Package source executes code through a VM context API.

Findings

2 Critical, 7 Medium, 5 Low

Severity   Finding                                   File
Critical   Trojan Source Unicode                     apps/startx-cli/dist/index.mjs
Critical   Trigger Reachable Dangerous Capability    apps/startx-cli/dist/index.mjs
Medium     Secret Pattern                            apps/cli/src/commands/common/hashing.ts
Medium     Dynamic Require                           apps/startx-cli/dist/index.mjs
Medium     Unsafe Vm Context                         packages/aix/src/tools/system/index.ts
Medium     Network
Medium     Environment Vars
Medium     Protestware
Medium     Structural Risk Force Deep Review
Low        Scripts Present
Low        Eval                                      packages/aix/src/lib/convertor/variable-resolver.ts
Low        Filesystem
Low        High Entropy Strings
Low        Url Strings