registry  /  target-supabase-sdk  /  0.2.2

target-supabase-sdk@0.2.2

Supabase client initializer and data access APIs

AI Security Review

scanned 3h ago · by lpm-firewall-ai

The Node task runtime can fetch task-script source from the caller-configured Supabase project, write it to a temporary module, dynamically import it, and invoke its exported task function. This is an unguarded remote-code execution capability when remote tasks are enabled (the default).

Static reason
No blocking static signals were detected.
Trigger
A consumer initializes Supabase and runs Node task/repository resolution with no local task entry.
Impact
A party able to alter the configured Supabase task-script records can run arbitrary Node code in the consumer's task-worker process.
Mechanism
Configured-Supabase script fetch → temporary ESM write → dynamic import → task function invocation.
Rationale
This package contains a concrete high-risk remote task execution primitive, but source inspection does not show stealth, unsolicited install-time execution, a hard-coded attacker endpoint, or data theft. Treat it as a dangerous capability requiring a warning rather than confirmed malware.
Evidence
package.jsonsrc/repo/repo-manager.tssrc/repo/repo.script-loader.tssrc/task/task-node.tsdist/node.js

Decision evidence

public snapshot
AI called this Suspicious at 92.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `src/repo/repo-manager.ts` fetches task script records from configured Supabase.
  • `src/repo/repo-manager.ts` enables remote resolution by default (`includeRemote = true`).
  • `src/repo/repo.script-loader.ts` writes inline ESM source to a temp file then dynamically imports it.
  • `src/task/task-node.ts` invokes the resolved `taskFn`, executing loaded task code.
  • The same loader and default remote path are shipped in `dist/node.js`.
Evidence against
  • `package.json` has no `preinstall`, `install`, or `postinstall` hook.
  • No hard-coded network host, credential exfiltration, shell execution, or AI-agent config mutation was found.
  • Runtime network configuration requires caller-provided Supabase environment values.
  • The remote-code path is part of the documented task/repository execution design, not import-time behavior.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStrings
ManifestNo manifest risk signals triggered.
scanned 105 file(s), 624 KB of source

Source & flagged code

1 flagged · loading source
dist/node.jsView file
919} L920: /** `file://` href for Node dynamic `import()` of a local module. */ L921: function toFileImportHref(filePath) {
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/node.jsView on unpkg · L919

Findings

3 Medium3 Low
MediumDynamic Requiredist/node.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings