registry  /  strictcli  /  0.26.0

strictcli@0.26.0

A strict, zero-dependency CLI framework for Python (npm wrapper)

AI Security Review

scanned 2d ago · by lpm-firewall-ai

Install-time hook delegates installation to uv/pip for the matching Python package. This creates an unresolved install-time remote package execution risk, but no concrete malicious behavior is present in the inspected npm source.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install strictcli@0.26.0
Impact
May download and install external Python package during npm install; no confirmed exfiltration or persistence in inspected source.
Mechanism
postinstall shell execution of package-aligned pip install
Rationale
The source shows an automatic install hook that shells out to uv/pip for a package-aligned Python dependency, creating supply-chain risk but not a concrete malicious chain. With no exfiltration, persistence, destructive behavior, or AI-agent control-surface mutation in inspected files, this should warn rather than block.
Evidence
package.jsonpostinstall.jsindex.jsCLAUDE.md.claude/settings.jsonuv.lock
Network endpoints2
pypi.org/simplefiles.pythonhosted.org

Decision evidence

public snapshot
AI called this Suspicious at 82.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json defines postinstall: node postinstall.js
  • postinstall.js uses child_process.execSync to run uv pip install strictcli==0.26.0, falling back to pip install
  • The installed Python artifact is fetched at npm install time and is not included in the inspected package source
Evidence against
  • postinstall target is package-aligned: strictcli==package.json version
  • No credential/env harvesting, destructive file operations, eval, obfuscation, or exfiltration code found in JS entrypoints
  • index.js only throws a message that this is a Python-library npm wrapper
  • CLAUDE.md and .claude/settings.json contain inert project guidance/settings and no AI-agent control mutation
Behavioral surface
Source
ChildProcess
Supply chainNo supply-chain packaging signals triggered.
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 673 B of source

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node postinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High1 Medium1 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
LowScripts Present