registry  /  tachograph  /  0.2.5

tachograph@0.2.5

A compact instrument cluster for your coding agents (Claude Code / Codex). Shows model, rate-limit usage, and context at a glance.

AI Security Review

scanned 8d ago · by lpm-firewall-ai

The package has an install-time remote binary fetch, but the endpoint is package-owned and checksum-verified. No confirmed malicious behavior is present in the inspected JavaScript source.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall; user invoking tacho runs the downloaded binary
Impact
Remote native binary is installed for later execution; no source-confirmed exfiltration or control-surface mutation.
Mechanism
package-aligned prebuilt binary installer and CLI launcher
Rationale
Static inspection found a disclosed, package-aligned postinstall that downloads and verifies a native CLI binary, plus a wrapper that executes it only when the CLI is invoked. Because the binary payload is remote and not present for source review, this is a warn-level remote binary install risk rather than confirmed malware.
Evidence
package.jsoninstall.jsasset.jsbin/tacho.jsREADME.mdbin/tachobin/tacho.exe/tmp/tacho-*
Network endpoints2
github.com/kosako/tachograph/releases/download/v0.2.5/<asset>github.com/kosako/tachograph/releases/download/v0.2.5/checksums.txt

Decision evidence

public snapshot
AI called this Suspicious at 72.0% confidence as Unknown with medium false-positive risk.
Evidence for warning
  • package.json runs postinstall: node install.js.
  • install.js fetches a platform archive and checksums.txt from GitHub releases at install time.
  • install.js extracts the downloaded archive into bin/ and chmods the resulting tacho binary.
  • bin/tacho.js later executes bin/tacho via child_process.spawnSync with user args.
Evidence against
  • install.js downloads only package-aligned assets under github.com/kosako/tachograph/releases/download/v0.2.5/.
  • install.js verifies the archive SHA-256 against the release checksums before extraction.
  • No source evidence of credential harvesting, home/project agent config writes, persistence, or destructive behavior.
  • README discloses the prebuilt binary download and shows Claude setup as a user-invoked CLI command.
Behavioral surface
Source
ChildProcessCryptoFilesystemNetwork
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 3 file(s), 5.43 KB of source, external domains: github.com

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node install.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node install.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
LowScripts Present
LowFilesystem
LowUrl Strings