registry  /  terminal-commander  /  0.1.77

terminal-commander@0.1.77

Terminal Commander: local MCP-operated terminal/file signal channel with native Linux, Windows, and macOS packages.

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 17 finding(s) at 97.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.; source matched previously finalized malicious package; routed for review

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 52 file(s), 297 KB of source, external domains: github.com, registry.npmjs.org

Source & flagged code

10 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/postinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
bin/terminal-commanderd.jsView file
11// - On Linux + supported arch + platform package installed: L12: // `child_process.spawn` the Rust binary with `shell: false` and L13: // `stdio: 'inherit'`. Forwards `process.argv.slice(2)` verbatim
High
Child Process

Package source references child process execution.

bin/terminal-commanderd.jsView on unpkg · L11
matchType = normalized_sha256 matchedPackage = terminal-commander@0.1.76 matchedPath = bin/terminal-commanderd.js matchedIdentity = npm:dGVybWluYWwtY29tbWFuZGVy:0.1.76 similarity = 1.000 summary = normalized source hash matched finalized malicious source
High
Known Malware Source Similarity

Source file is highly similar to a previously finalized malicious package; route for source-aware review.

bin/terminal-commanderd.jsView on unpkg
lib/daemon/autostart.jsView file
matchType = normalized_sha256 matchedPackage = terminal-commander@0.1.76 matchedPath = lib/daemon/autostart.js matchedIdentity = npm:dGVybWluYWwtY29tbWFuZGVy:0.1.76 similarity = 1.000 summary = normalized source hash matched finalized malicious source
High
Known Malware Source Similarity

Source file is highly similar to a previously finalized malicious package; route for source-aware review.

lib/daemon/autostart.jsView on unpkg
11const os = require("node:os"); L12: const { spawnSync } = require("node:child_process"); L13: const { applyManagedBlock, hasManagedBlock } = require("./managed_block.js"); ... L34: function shouldInstallDaemonAutostart(env) { L35: const e = env || process.env; L36: if (e.TC_SKIP_DAEMON_AUTOSTART === "1") return false; ... L44: set -eu L45: TC_DATA="\${TC_DATA:-$HOME/.local/share/terminal-commanderd}" L46: SOCK="\$TC_DATA/terminal-commanderd.sock" ... L68: Description=Terminal Commander daemon (user) L69: Documentation=https://github.com/special-place-ai-heaven/terminal-commander L70: After=default.target
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

lib/daemon/autostart.jsView on unpkg · L11
lib/wsl/native-mcp.jsView file
37process.stderr.write( L38: "terminal-commander: Windows npm shim invoked inside WSL; install native runtime: npm install -g terminal-commander (inside the distro, not on Windows PATH)\n", L39: ); ... L41: } L42: const child = spawn(native, argv, { stdio: "inherit", shell: false }); L43: child.on("exit", (code, signal) => {
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

lib/wsl/native-mcp.jsView on unpkg · L37
bin/terminal-commander.jsView file
matchType = normalized_sha256 matchedPackage = terminal-commander@0.1.76 matchedPath = bin/terminal-commander.js matchedIdentity = npm:dGVybWluYWwtY29tbWFuZGVy:0.1.76 similarity = 1.000 summary = normalized source hash matched finalized malicious source
High
Known Malware Source Similarity

Source file is highly similar to a previously finalized malicious package; route for source-aware review.

bin/terminal-commander.jsView on unpkg
lib/cli/update_preflight.jsView file
matchType = normalized_sha256 matchedPackage = terminal-commander@0.1.76 matchedPath = lib/cli/update_preflight.js matchedIdentity = npm:dGVybWluYWwtY29tbWFuZGVy:0.1.76 similarity = 1.000 summary = normalized source hash matched finalized malicious source
High
Known Malware Source Similarity

Source file is highly similar to a previously finalized malicious package; route for source-aware review.

lib/cli/update_preflight.jsView on unpkg
bin/terminal-commander-mcp.jsView file
matchType = normalized_sha256 matchedPackage = terminal-commander@0.1.76 matchedPath = bin/terminal-commander-mcp.js matchedIdentity = npm:dGVybWluYWwtY29tbWFuZGVy:0.1.76 similarity = 1.000 summary = normalized source hash matched finalized malicious source
High
Known Malware Source Similarity

Source file is highly similar to a previously finalized malicious package; route for source-aware review.

bin/terminal-commander-mcp.jsView on unpkg

Findings

8 High5 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processbin/terminal-commanderd.js
HighRuntime Package Installlib/wsl/native-mcp.js
HighKnown Malware Source Similaritybin/terminal-commander.js
HighKnown Malware Source Similaritylib/cli/update_preflight.js
HighKnown Malware Source Similaritylib/daemon/autostart.js
HighKnown Malware Source Similaritybin/terminal-commander-mcp.js
HighKnown Malware Source Similaritybin/terminal-commanderd.js
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencelib/daemon/autostart.js
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings