registry  /  toiljs  /  0.0.83

toiljs@0.0.83

The modern React framework: a file-based React frontend and a ToilScript-compiled WebAssembly backend.

AI Security Review

scanned 5h ago · by lpm-firewall-ai

No confirmed malicious attack surface was found. Sensitive primitives are framework-aligned devserver, compiler, email, update-check, and project scaffolding features invoked by users.

Static reason
No blocking static signals were detected.
Trigger
User runs toiljs CLI/devserver/compiler features.
Impact
No credential harvesting, persistence, destructive behavior, or unconsented AI-agent control-surface mutation found.
Mechanism
user-invoked framework tooling
Rationale
Direct source inspection shows the flagged shell, network, env, and AI-helper behaviors are explicit framework/dev tooling paths rather than automatic install/import compromise. No exfiltration, remote payload execution, persistence, destructive action, or unconsented broad agent control mutation was identified.
Evidence
package.jsonsrc/cli/index.tssrc/cli/proc.tssrc/cli/create.tssrc/compiler/plugin.tssrc/compiler/docs.tssrc/cli/notify.tssrc/devserver/email/providers.tstests/data-parity/generated-parity.ts
Network endpoints5
api.openai.com/v1/chat/completionsapi.anthropic.com/v1/messagesapi.resend.com/emailsregistry.npmjs.org/toiljs/latesttoil.org

Decision evidence

public snapshot
AI called this Clean at 92.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no preinstall/install/postinstall hook; only prepublishOnly/build scripts.
    • src/cli/index.ts runs functionality only after explicit toiljs CLI commands.
    • src/cli/proc.ts child_process spawn is a CLI helper with fixed/allowlisted args for install/build tooling.
    • src/compiler/plugin.ts AI fetches are devtool endpoints gated by config and same-origin checks, not install-time exfiltration.
    • src/compiler/docs.ts and src/cli/create.ts scaffold AGENTS.md/CLAUDE.md/.cursor files only during explicit toiljs create selection.
    • tests/data-parity/generated-parity.ts spawnSync is a test fixture, not package runtime.
    Behavioral surface
    Source
    ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShellWebSocket
    Supply chain
    HighEntropyStringsMinifiedUrlStrings
    ManifestNo manifest risk signals triggered.
    scanned 339 file(s), 2.18 MB of source, external domains: api.anthropic.com, api.example.com, api.openai.com, api.resend.com, cdn.jsdelivr.net, chatgpt.com, claude.ai, github.com, myaccount.google.com, registry.npmjs.org, toil.example, toil.org, www.sitemaps.org, www.w3.org

    Source & flagged code

    4 flagged · loading source
    tests/data-parity/generated-parity.tsView file
    9import { fileURLToPath, pathToFileURL } from "node:url"; L10: import { spawnSync } from "node:child_process"; L11: const here = dirname(fileURLToPath(import.meta.url));
    High
    Child Process

    Package source references child process execution.

    tests/data-parity/generated-parity.tsView on unpkg · L9
    60// Generated side: build the same value with the generated Foo class and encode. L61: const gen = (await import(pathToFileURL(modPath).href)) as { L62: Foo: new () => {
    Medium
    Dynamic Require

    Package source references dynamic require/import behavior.

    tests/data-parity/generated-parity.tsView on unpkg · L60
    build/cli/index.jsView file
    1591const stdio = opts.stdio ?? "ignore"; L1592: const child = onWindows ? spawn([cmd, ...args].join(" "), { cwd, stdio, shell: true }) : spawn(cmd, args, { cwd, stdio }); L1593: child.on("error", reject);
    High
    Shell

    Package source references shell execution.

    build/cli/index.jsView on unpkg · L1591
    build/compiler/plugin.jsView file
    1import { spawn } from 'node:child_process'; L2: import fs from 'node:fs'; ... L11: async function aiComplete(ai, prompt) { L12: const key = ai.apiKeyEnv ? process.env[ai.apiKeyEnv] : undefined; L13: if (ai.endpoint) { L14: const r = await fetch(ai.endpoint, { L15: method: 'POST',
    High
    Same File Env Network Execution

    A single source file combines environment access, network access, and code or shell execution; review context before blocking.

    build/compiler/plugin.jsView on unpkg · L1

    Findings

    3 High4 Medium5 Low
    HighChild Processtests/data-parity/generated-parity.ts
    HighShellbuild/cli/index.js
    HighSame File Env Network Executionbuild/compiler/plugin.js
    MediumDynamic Requiretests/data-parity/generated-parity.ts
    MediumNetwork
    MediumEnvironment Vars
    MediumStructural Risk Force Deep Review
    LowNon Install Lifecycle Scripts
    LowScripts Present
    LowFilesystem
    LowHigh Entropy Strings
    LowUrl Strings