AI Security Review
scanned 3h ago · by lpm-firewall-aiThe Node worker API can execute ESM supplied by records in the consumer's configured Supabase project. This is a dangerous remote task-extension capability, not install-time execution.
Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
A consumer initializes Supabase and invokes the Repo/Task worker flow that resolves a remote task type.
Impact
A party able to modify the configured Supabase Repo/script records can obtain arbitrary code execution in the worker process.
Mechanism
Fetch remote script metadata, write inline ESM to temp storage, then dynamically import it.
Rationale
The package intentionally documents remote Repo script loading for Node workers, but source inspection confirms that untrusted-at-runtime database content can become executable code. There is no installation-time or stealthy malicious chain, so this warrants a warning rather than a block.
Evidence
package.jsonsrc/repo/repo-manager.tssrc/repo/repo.script-loader.tssrc/task/task-repo-context.tssrc/node/process/process-spawn.tsREADME.md/tmp/target-supabase-sdk/repo-scripts/<taskType>@<loadKey>-<hash>.mjs
Decision evidence
public snapshotAI called this Suspicious at 93.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
- `src/repo/repo.script-loader.ts` writes database-provided ESM source to `/tmp/target-supabase-sdk/repo-scripts` and imports it.
- `src/repo/repo.script-loader.ts` dynamically imports a configured `Repo.details.url`, including URL schemes.
- `src/repo/repo-manager.ts` fetches remote repo and script records from the configured Supabase project before loading them.
- `src/node/process/process-spawn.ts` can launch Node child processes for user-configured worker entries.
Evidence against
- `package.json` has no `preinstall`, `install`, or `postinstall` hook.
- Default browser entry is separate; Node-only loader functionality is exposed through `/node`.
- Remote loading occurs only through the explicit Repo/Task worker path after Supabase initialization.
- No hard-coded network host, credential harvesting, foreign agent-config mutation, or destructive package behavior was found.
Behavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
HighEntropyStrings
Source & flagged code
2 flagged · loading sourcedist/node.jsView file
•matchType = previous_version_dangerous_delta
matchedPackage = target-supabase-sdk@0.2.2
matchedIdentity = npm:dGFyZ2V0LXN1cGFiYXNlLXNkaw:0.2.2
similarity = 0.932
summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/node.jsView on unpkg919}
L920: /** `file://` href for Node dynamic `import()` of a local module. */
L921: function toFileImportHref(filePath) {
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/node.jsView on unpkg · L919Findings
1 High3 Medium3 Low
HighPrevious Version Dangerous Deltadist/node.js
MediumDynamic Requiredist/node.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings