registry  /  vome-core  /  0.0.11

vome-core@0.0.11

Vome framework — shared + Bun/Elysia server + Vue admin

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. The server framework dynamically imports host-project configuration and compiles JavaScript from its own Vome module/plugin store. No package-install-time execution or confirmed exfiltration endpoint is present.

Static reason
One or more suspicious static signals were detected.
Trigger
A host application imports `vome-core/server` and starts/scans Vome modules or plugins.
Impact
A party able to place code in the Vome module store could obtain code execution in the host application's process.
Mechanism
Local plugin/module source is transformed and evaluated with `new Function`.
Rationale
No concrete malicious chain is established, but obfuscation plus automatic evaluation of persisted local extension code creates unresolved lifecycle risk. Warn rather than block because the capability is package-aligned and no unconsented install-time mutation or exfiltration is shown.
Evidence
package.jsondist/index.jsdist/server/index.jsdist/src/ext/load-plugin.d.tsdist/src/ext/module-registry.d.tsdist/src/ext/path.d.ts~/.vome/{hash}/modules/{key}/server/index.js

Decision evidence

public snapshot
AI called this Suspicious at 82.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • `dist/server/index.js` uses `new Function` for plugin/module handler source.
  • Plugin declarations identify a persistent `~/.vome/.../modules` code store.
  • `dist/index.js` and server/admin artifacts are deliberately obfuscated.
  • Importing `vome-core/server` loads host configuration from the project.
Evidence against
  • `package.json` has no `preinstall`, `install`, or `postinstall` hook.
  • No outbound HTTP client API was found in `dist/index.js` or `dist/server/index.js`.
  • No credential-harvesting, AI-agent config, shell-spawn, or destructive primitive was found.
  • Dynamic execution is scoped to the package's documented plugin/module framework.
Behavioral surface
Source
DynamicRequireNetwork
Supply chain
HighEntropyStringsMinifiedObfuscated
Manifest
WildcardDependency
scanned 53 file(s), 346 KB of source

Source & flagged code

3 flagged · loading source
dist/server/index.jsView file
1const _0x4727c2=_0x1a3d;(function(_0x1fa943,_0x5277dc){const _0x80a20e=_0x1a3d,_0x572732=_0x1fa943();while(!![]){try{const _0x54e8d2=parseInt(_0x80a20e(0x383))/0x1*(parseInt(_0x80a...
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/server/index.jsView on unpkg · L1
dist/admin/directives/perm.jsView file
1function _0x252e(_0x543436,_0x40f477){_0x543436=_0x543436-0x7e;const _0x551b59=_0x551b();let _0x252e0b=_0x551b59[_0x543436];if(_0x252e['tPAfMX']===undefined){var _0x44cd2b=function...
High
Obfuscated Payload Loader

Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.

dist/admin/directives/perm.jsView on unpkg · L1
dist/admin/static/fileicon/iconfont.woffView file
path = [redacted].woff kind = high_entropy_blob sizeBytes = 4228 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

dist/admin/static/fileicon/iconfont.woffView on unpkg

Findings

3 High4 Medium3 Low
HighObfuscated Payload Loaderdist/admin/directives/perm.js
HighObfuscated
HighShips High Entropy Blobdist/admin/static/fileicon/iconfont.woff
MediumDynamic Requiredist/server/index.js
MediumNetwork
MediumStructural Risk Force Deep Review
MediumWildcard Dependency
LowNon Install Lifecycle Scripts
LowScripts Present
LowHigh Entropy Strings