registry  /  ultracite  /  7.9.0

ultracite@7.9.0

The AI-ready formatter that helps you write and generate code faster.

AI Security Review

scanned 5h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs ultracite init with agent/editor hook options or --install-skill
Impact
User-selected project files may be created/updated and local package-manager commands may install dependencies or run ultracite fix hooks.
Mechanism
explicit CLI project and agent configuration writer
Rationale
Source inspection supports a warning for explicit user-command AI-agent config mutation, not a publish block. There is no concrete malicious chain, credential theft, hidden lifecycle execution, or remote code payload.
Evidence
package.jsondist/index.jsREADME.mdconfig/AGENTS.md.claude/CLAUDE.md.claude/settings.json.github/hooks/ultracite.json.cursor/hooks.json.windsurf/hooks.json.vscode/settings.jsonbiome.jsonceslint.config.mjsoxlint.config.tsoxfmt.config.ts.pre-commit-config.yamllefthook.yml

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • dist/index.js: init can write AI agent files like AGENTS.md, .claude/CLAUDE.md, .github/hooks/ultracite.json.
  • dist/index.js: optional hooks configure agents/editors to run package-manager ultracite fix after file edits.
  • dist/index.js: init can install dependencies and skills via nypm/cross-spawn when user selects options.
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle scripts.
  • dist/index.js exposes commander CLI commands init/check/fix/doctor; config mutation is under explicit CLI init options/prompts.
  • dist/index.js write helper refuses paths outside cwd and symlink targets.
  • No credential harvesting, exfiltration endpoint, remote payload fetch, or stealth persistence found.
  • check/fix run local linters/formatters package-aligned with the tool purpose.
Behavioral surface
Source
ChildProcessDynamicRequireEval
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 70 file(s), 179 KB of source, external domains: github.com, registry.npmjs.org, www.ultracite.ai

Source & flagged code

3 flagged · loading source
dist/index.jsView file
matchType = previous_version_dangerous_delta matchedPackage = ultracite@7.8.4 matchedIdentity = npm:dWx0cmFjaXRl:7.8.4 similarity = 0.641 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/index.jsView on unpkg
207`)},cy=async(b,y)=>{let G=await v0(b,"utf-8"),H=Fy(G);if(!H)return;if(Q0(H))return;let A=U0(H,h(y));await Q(b,`${JSON.stringify(A,null,2)} L208: `)},Py=(b)=>b.replaceAll(/^(?<key>[*?{[][^\n:]*):(?<rest>.*)$/gmu,(y,G,H)=>`'${G}':${H}`),qy=async(b,y)=>{let G=await v0(b,"utf-8"),H=Py(G),A;try{A=R1.parse(H)}catch{return}if(!A)r... L209: `;await Q(b,v)},fy=async(b,y)=>{let H=await import(`${S1(b).href}?t=${Date.now()}`),A=H.default||H;if(Q0(A))return;let $=U0(A,h(y)),v=`module.exports = ${JSON.stringify($,null,2)};
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/index.jsView on unpkg · L207
78- Avoid \`dangerouslySetInnerHTML\` unless absolutely necessary L79: - Don't use \`eval()\` or assign directly to \`document.cookie\` L80: - Validate and sanitize user input
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/index.jsView on unpkg · L78

Findings

1 High1 Medium4 Low
HighPrevious Version Dangerous Deltadist/index.js
MediumDynamic Requiredist/index.js
LowScripts Present
LowEvaldist/index.js
LowHigh Entropy Strings
LowUrl Strings