registry  /  target-supabase-sdk  /  0.2.0

target-supabase-sdk@0.2.0

Supabase client initializer and data access APIs

AI Security Review

scanned 3h ago · by lpm-firewall-ai

The Node worker path can execute JavaScript retrieved from a configured Supabase project's Repo-script record. This is not activated during installation or ordinary browser-entry import.

Static reason
No blocking static signals were detected.
Trigger
A consumer initializes Supabase, starts `TaskNode`, and it claims a task whose type resolves to a remote Repo script.
Impact
A party controlling the configured Supabase records can run arbitrary JavaScript with the worker process privileges.
Mechanism
Remote script source is written to a temporary ESM file, dynamically imported, then its exported task function is invoked.
Rationale
The package contains a high-risk backend-driven task execution feature, but no concrete malicious payload or unconsented install-time behavior. Treat it as a dangerous capability requiring a warning rather than a block.
Evidence
package.jsonsrc/repo/repo.script-loader.tssrc/repo/repo-manager.tssrc/node/task-node.tssrc/supabase.ts

Decision evidence

public snapshot
AI called this Suspicious at 91.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `src/repo/repo.script-loader.ts` writes `script.details.source` to a temporary `.mjs` file and dynamically imports it.
  • `src/repo/repo-manager.ts` fetches remote Repo and Repo-script records from the configured Supabase project, then loads them.
  • `src/node/task-node.ts` invokes the loaded repository context's `taskFn()` for claimed tasks.
  • The capability is exposed only through the explicit `target-supabase-sdk/node` entrypoint.
Evidence against
  • `package.json` has no `preinstall`, `install`, or `postinstall` hook.
  • No `child_process`, shell execution, `eval`, or VM use appears in inspected source.
  • `src/supabase.ts` requires caller-supplied Supabase URL and key; no fixed exfiltration endpoint is embedded.
  • No credential harvesting, AI-agent configuration mutation, destructive filesystem action, or import-time task execution was found.
Behavioral surface
Source
CryptoDynamicRequireEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStrings
ManifestNo manifest risk signals triggered.
scanned 136 file(s), 389 KB of source

Source & flagged code

1 flagged · loading source
dist/shared/utils/config-path.utils.jsView file
71} L72: /** `file://` href for Node dynamic `import()` of a local module. */ L73: export function toFileImportHref(filePath) {
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/shared/utils/config-path.utils.jsView on unpkg · L71

Findings

3 Medium3 Low
MediumDynamic Requiredist/shared/utils/config-path.utils.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings