registry  /  typeglish  /  0.1.0

typeglish@0.1.0

The TypeGlish language + compiler — turn English into logically consistent, checkable programs for LLMs.

AI Security Review

scanned 1d ago · by lpm-firewall-ai

No confirmed malicious attack surface. Explicit CLI/MCP build operations read supplied project inputs and write TypeGlish artifacts under the project-local .typeglish directory.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User runs `typeglish build`, invokes its MCP build tool, or explicitly configures and calls `typeglish claude-hook`.
Impact
No unconsented install-time mutation, persistence, network communication, credential harvesting, or remote code execution established.
Mechanism
Local prompt compilation, artifact generation, and optional stdin-based hook evaluation.
Rationale
Static inspection shows a package-aligned local compiler/MCP tool, with file writes reachable only through explicit build actions. Scanner flags are explained by bundled dependencies, local dynamic imports, and Unicode-lint regexes rather than an attack chain.
Evidence
package.jsondist/cli.jsdist/mcp.jsdist/chunk-3NQ3VYO6.jsdist/chunk-KRYC4OTL.js.typeglish/dist/<name>.txt.typeglish/dist/<name>.agent.json.typeglish/build-manifest.json.typeglish/deploy-gate.json

Decision evidence

public snapshot
AI called this Clean at 98.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no preinstall/install/postinstall hook; prepare only runs husky.
    • dist/cli.js gates Claude behavior only through explicit `claude-hook` invocation.
    • dist/cli.js writes only user-requested build artifacts and .typeglish manifest files.
    • No package-authored network, shell, credential-exfiltration, or remote-payload path found.
    • The reported invisible Unicode in dist/chunk-KRYC4OTL.js is deliberate lint detection regex data.
    • Dynamic import loads local MCP/spell/Z3 modules or declared optional peers.
    Behavioral surface
    Source
    ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystem
    Supply chain
    HighEntropyStringsUrlStrings
    ManifestNo manifest risk signals triggered.
    scanned 18 file(s), 2.06 MB of source, external domains: api.anthropic.com, api.example.com, api.openai.com, generativelanguage.googleapis.com, github.com, json-schema.org, peggyjs.org, raw.githubusercontent.com, spec.openapis.org, stackoverflow.com, tools.ietf.org, www.safaribooksonline.com, www.w3.org

    Source & flagged code

    2 flagged · loading source
    dist/chunk-KRYC4OTL.jsView file
    246contains invisible/control Unicode U+200D (zero width joiner) re: /(?![©®™])\p{Extended_Pictographic}(?:️)?(?:<U+200D>(?![©®™])\p{Extended_Pictographic}(?:️)?)*/gu,
    Critical
    Trojan Source Unicode

    Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

    dist/chunk-KRYC4OTL.jsView on unpkg · L246
    Trigger-reachable chain: manifest.main -> dist/index.js -> dist/chunk-KRYC4OTL.js Reachable file contains a blocking source-risk pattern.
    Critical
    Trigger Reachable Dangerous Capability

    A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

    dist/chunk-KRYC4OTL.jsView on unpkg

    Findings

    2 Critical3 Medium6 Low
    CriticalTrojan Source Unicodedist/chunk-KRYC4OTL.js
    CriticalTrigger Reachable Dangerous Capabilitydist/chunk-KRYC4OTL.js
    MediumDynamic Require
    MediumEnvironment Vars
    MediumStructural Risk Force Deep Review
    LowNon Install Lifecycle Scripts
    LowScripts Present
    LowEval
    LowFilesystem
    LowHigh Entropy Strings
    LowUrl Strings