registry  /  vde-monitor  /  0.9.4

vde-monitor@0.9.4

Monitor tmux sessions with a web UI.

AI Security Review

scanned 9d ago · by lpm-firewall-ai

No confirmed malicious attack surface is established. The package is a user-invoked tmux/agent monitoring CLI with web UI, hooks, push notifications, and usage-cost integrations.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs vde-monitor CLI or explicitly installs/runs vde-monitor-hook via printed hook snippets.
Impact
Expected local state/token persistence and provider-aligned usage queries; no unconsented exfiltration or lifecycle mutation found.
Mechanism
local monitoring server, CLI helpers, and optional agent hook event logging
Rationale
Static inspection shows sensitive primitives are tied to documented monitoring, notification, pricing, and usage-dashboard features, with no lifecycle activation or hidden exfiltration. The scanner hints are explained by the bundled CLI/server and web syntax assets rather than concrete attack behavior.
Evidence
package.jsonREADME.mddist/index.jsdist/vde-monitor-hook.jsdist/web/assets/codeql-DsOJ9woJ.js~/.vde-monitor/token.json~/.vde-monitor/state.json~/.vde-monitor/push-vapid.json~/.vde-monitor/notifications.json~/.vde-monitor/events/<server-key>/claude.jsonl~/.vde-monitor/events/<server-key>/codex.jsonl~/.claude/.credentials.json~/.claude/projects/<encoded>/<session>.jsonl~/.codex/sessions
Network endpoints3
raw.githubusercontent.com/BerriAI/litellm/main/model_prices_and_context_window.jsonapi.anthropic.com/api/oauth/usageplatform.claude.com/v1/oauth/token

Decision evidence

public snapshot
AI called this Clean at 89.0% confidence as Benign with low false-positive risk.
Evidence for block
  • dist/index.js can read Claude credentials from ~/.claude/.credentials.json and macOS keychain for usage dashboard features.
  • dist/index.js uses fetch/web-push and execa/spawn for pricing, notifications, tmux/wezterm/vw/git/ps, and Claude OAuth usage.
  • dist/vde-monitor-hook.js appends raw Claude/Codex hook payloads to ~/.vde-monitor/events after explicit hook invocation.
Evidence against
  • package.json has no install/preinstall/postinstall lifecycle scripts; bins are user-invoked.
  • README.md documents hooks, token/state files, push config, usage dashboard, and Claude/Codex integration paths.
  • dist/index.js prints hook snippets for user paste; it does not write ~/.claude/settings.json or ~/.codex/hooks.json.
  • Network endpoints are feature-aligned: LiteLLM pricing, Anthropic OAuth usage/refresh, web-push subscriptions.
  • dist/web/assets/codeql-DsOJ9woJ.js dynamic require hit is bundled syntax-highlighting grammar data, not package control flow.
  • No hidden downloader, obfuscated payload, destructive behavior, persistence, or unconsented AI-agent control-surface mutation found.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNativeBindingsNetworkShellWebSocket
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 302 file(s), 10.8 MB of source, external domains: api.anthropic.com, fb.me, github.com, json-schema.org, platform.claude.com, radix-ui.com, raw.githubusercontent.com, react.dev, tanstack.com, www.w3.org

Source & flagged code

3 flagged · loading source
dist/web/assets/codeql-DsOJ9woJ.jsView file
1const e=Object.freeze(JSON.parse('{"displayName":"CodeQL","fileTypes":["ql","qll"],"name":"codeql","patterns":[{"include":"#module-member"}],"repository":{"abstract":{"match":"\\\\...
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/web/assets/codeql-DsOJ9woJ.jsView on unpkg · L1
dist/index.jsView file
matchType = previous_version_dangerous_delta matchedPackage = vde-monitor@0.9.3 matchedIdentity = npm:dmRlLW1vbml0b3I:0.9.3 similarity = 0.975 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version.

dist/index.jsView on unpkg
10import webpush from "web-push"; L11: import { execa, execaSync } from "execa"; L12: import { spawn } from "node:child_process"; ... L21: import { streamSSE } from "hono/streaming"; L22: import { createServer } from "node:net"; L23: import { createInterface as createInterface$1 } from "node:readline/promises"; ... L578: if (path.extname(configPath).toLowerCase() === ".json") try { L579: return JSON.parse(raw); L580: } catch { ... L767: const getTokenDir = () => { L768: return path.join(os.homedir(), ".vde-monitor"); L769: };
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/index.jsView on unpkg · L10

Findings

1 Critical4 Medium6 Low
CriticalPrevious Version Dangerous Deltadist/index.js
MediumDynamic Requiredist/web/assets/codeql-DsOJ9woJ.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowWeak Cryptodist/index.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings