registry  /  sweet-search  /  2.6.11

sweet-search@2.6.11

Sweet Search - SOTA Hybrid Code Search Engine with WASM CatBoost Query Router, Semantic/Lexical/Structural Search, and Multilingual Support

AI Security Review

scanned 11d ago · by lpm-firewall-ai

No confirmed malicious install-time or import-time attack surface. The package is an agent-oriented code search tool with explicit init-time integration into Claude/Codex/MCP surfaces, but the npm lifecycle hook is only a banner.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs banner only; agent integrations require `sweet-search init` flags or defaults
Impact
Project-local search indexes, hooks, and tool-routing prompts may be created after explicit init; no credential harvesting or exfiltration was found.
Mechanism
user-invoked project search setup and optional agent/MCP registration
Rationale
Static inspection found substantial agent integration code, but it is activated by explicit `sweet-search init` or flags, while install-time code only prints a terminal banner. The network, child_process, hooks, and WASM/native behaviors are package-aligned for code search/indexing and do not show credential harvesting, exfiltration, destructive persistence, or unconsented lifecycle mutation.
Evidence
package.jsonscripts/postinstall-banner.jsscripts/init.jsscripts/inject-agent-instructions.jsscripts/install-mcp-server.jsscripts/install-prompt-reminders.jsscripts/install-tool-enforcement.jsscripts/write-claude-rules.jscore/search/session-daemon-prewarm.mjsmcp/server.jsmcp/tool-handlers.jscore/infrastructure/config/embedding.js/dev/ttyCLAUDE.mdAGENTS.mdGEMINI.md.cursor/rules/sweet-search.mdc.claude/settings.json.claude/hooks/session-daemon-prewarm.mjs.claude/hooks/sweet-search-remind-tools.mjs.claude/hooks/sweet-search-intercept-read.mjs.claude/rules/sweet-search.md.claude/skills/sweet-index/.codex/hooks.json.codex/config.toml.mcp.json.sweet-search/
Network endpoints7
api.voyageai.com/v1/embeddingsapi.mistral.ai/v1/embeddingsapi.jina.ai/v1/embeddingshuggingface.coapi.groq.com/openai/v1api.cerebras.ai/v1localhost:11434

Decision evidence

public snapshot
AI called this Clean at 88.0% confidence as Benign with low false-positive risk.
Evidence for block
  • scripts/init.js user-invoked setup can write CLAUDE.md, .claude hooks/skills/rules, optional .codex hooks, and optional .mcp.json
  • scripts/init.js default Claude SessionStart hook launches package search daemon from project-local relative path after explicit `sweet-search init`
Evidence against
  • package.json postinstall only runs scripts/postinstall-banner.js, which prints a banner and does not write agent config
  • scripts/inject-agent-instructions.js uses bounded marker blocks and preserves user content outside markers
  • scripts/install-mcp-server.js only writes project .mcp.json when `--mcp` is passed
  • scripts/install-tool-enforcement.js strict Grep deny is off by default and requires `--enforce-tools`
  • core/infrastructure/config/embedding.js defaults to local embeddings; remote API endpoints require explicit env/provider opt-in
  • mcp/server.js and mcp/tool-handlers.js expose package-aligned code search/index/read tools for the selected project root
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsObfuscatedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 247 file(s), 5.41 MB of source, external domains: 127.0.0.1, api.cerebras.ai, api.groq.com, api.jina.ai, api.mistral.ai, api.voyageai.com, github.com, huggingface.co, nodejs.org

Source & flagged code

5 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/postinstall-banner.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
crates/wasm-router/pkg/query_router_wasm.jsView file
266const wasmPath = `${__dirname}/query_router_wasm_bg.wasm`; L267: const wasmBytes = require('fs').readFileSync(wasmPath); L268: const wasmModule = new WebAssembly.Module(wasmBytes);
Medium
Dynamic Require

Package source references dynamic require/import behavior.

crates/wasm-router/pkg/query_router_wasm.jsView on unpkg · L266
core/indexing/index-codebase-v21.jsView file
35// enable. libuv reads this lazily on first thread pool use. L36: if (process.env.SWEET_SEARCH_UV_THREADPOOL_SIZE && !process.env.UV_THREADPOOL_SIZE) { L37: process.env.UV_THREADPOOL_SIZE = process.env.SWEET_SEARCH_UV_THREADPOOL_SIZE; ... L121: // Animated banner (best-effort; interactive TTY only, never in CI / quiet / stdin-fed runs). L122: if (!quiet && !help && !filesFromStdin && process.stdout.isTTY && !process.env.CI && !process.env.NO_BANNER && !process.env.SWEET_SEARCH_NO_BANNER) { L123: try { const { showBanner } = await import('../banner/render-banner.js'); await showBanner({ clear: true }); } catch { /* non-fatal */ } ... L136: } else { L137: applyPersistedLiModel(process.env.SWEET_SEARCH_PROJECT_ROOT || process.cwd()); L138: } ... L446: // form silently no-op'd under three real-world conditions: L447: // 1. `npm install ../sweet-search-private` (file install) symlinks L448: // `node_modules/sweet-search/` to the source — `process.argv[1]` is the
Medium
Unsafe Vm Context

Package source executes code through a VM context API.

core/indexing/index-codebase-v21.jsView on unpkg · L35
core/search/search-fusion.jsView file
41if (result.name) return String(result.name); L42: if (process.env.DEBUG_CATCHES) { L43: _fallbackKeyCount++; L44: if (_fallbackKeyCount <= 5 || _fallbackKeyCount % 100 === 0) { L45: process.stderr.write(`[search-fusion] fallback hash dedup path used (${_fallbackKeyCount})\n`); L46: }
Low
Weak Crypto

Package source references weak cryptographic algorithms.

core/search/search-fusion.jsView on unpkg · L41
crates/wasm-router/pkg/query_router_wasm_bg.wasmView file
path = crates/wasm-router/pkg/query_router_wasm_bg.wasm kind = wasm_module sizeBytes = 201196 magicHex = [redacted]
Medium
Ships Wasm Module

Package ships WebAssembly modules.

crates/wasm-router/pkg/query_router_wasm_bg.wasmView on unpkg

Findings

1 High6 Medium6 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumDynamic Requirecrates/wasm-router/pkg/query_router_wasm.js
MediumUnsafe Vm Contextcore/indexing/index-codebase-v21.js
MediumNetwork
MediumEnvironment Vars
MediumShips Wasm Modulecrates/wasm-router/pkg/query_router_wasm_bg.wasm
MediumStructural Risk Force Deep Review
LowScripts Present
LowWeak Cryptocore/search/search-fusion.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings