registry  /  uniweb  /  0.12.41

uniweb@0.12.41

Create structured Vite + React sites with content/code separation

AI Security Review

scanned 3h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `uniweb update` and confirms, uses `--yes`, or requests an explicit update mode.
Impact
Can influence coding agents working in that Uniweb project; no credential exfiltration, stealth persistence, or unconsented install-time execution was confirmed.
Mechanism
Project-local `AGENTS.md` regeneration plus optional package-manager execution.
Rationale
Not malicious: source inspection found no lifecycle hook or concrete attack chain. Warn because explicit user-command mutation of project AI-agent guidance and optional dependency installation is a meaningful capability under the firewall policy.
Evidence
package.jsonsrc/index.jssrc/commands/update.jssrc/utils/agents-stamp.jspartials/agents.mdsrc/utils/registry-auth.jssrc/backend/client.jsAGENTS.md~/.uniweb/registry-auth.json
Network endpoints3
api.github.comregistry.npmjs.orgassets.uniweb.app/

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `src/commands/update.js` can overwrite project `AGENTS.md` after `uniweb update`.
  • The update command may run the chosen package manager to align Uniweb dependencies.
  • `src/utils/registry-auth.js` stores backend bearer sessions in `~/.uniweb/registry-auth.json`.
Evidence against
  • `package.json` defines no preinstall/install/postinstall lifecycle hook.
  • `src/commands/update.js` limits `AGENTS.md` writes to a Uniweb workspace and prompts unless `--yes` or explicit modes are used.
  • `partials/agents.md` is framework developer documentation, not prompt-control instructions.
  • Network calls are tied to explicit template, update, login, registry, and deployment commands.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 66 file(s), 658 KB of source, external domains: 127.0.0.1, api.github.com, assets.uniweb.app, github.com, pnpm.io, raw.githubusercontent.com, registry.npmjs.org, uniweb.app

Source & flagged code

5 flagged · loading source
src/index.jsView file
matchType = previous_version_dangerous_delta matchedPackage = uniweb@0.12.37 matchedIdentity = npm:dW5pd2Vi:0.12.37 similarity = 0.939 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

src/index.jsView on unpkg
24import { existsSync, readFileSync } from 'node:fs' L25: import { execSync, spawn as spawnChild } from 'node:child_process' L26: import { resolve, join, relative, dirname, basename } from 'node:path'
High
Child Process

Package source references child process execution.

src/index.jsView on unpkg · L24
205try { L206: return await import(modulePath) L207: } catch (err) {
Medium
Dynamic Require

Package source references dynamic require/import behavior.

src/index.jsView on unpkg · L205
src/commands/build.jsView file
139stdio: 'inherit', L140: shell: true, L141: })
High
Shell

Package source references shell execution.

src/commands/build.jsView on unpkg · L139
src/commands/register.jsView file
275try { L276: execSync('npx uniweb build --target foundation', { cwd: targetDir, stdio: 'inherit' }) L277: } catch (err) {
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

src/commands/register.jsView on unpkg · L275

Findings

1 Critical3 High4 Medium4 Low
CriticalPrevious Version Dangerous Deltasrc/index.js
HighChild Processsrc/index.js
HighShellsrc/commands/build.js
HighRuntime Package Installsrc/commands/register.js
MediumDynamic Requiresrc/index.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings