registry  /  workerd  /  1.20260706.1

workerd@1.20260706.1

👷 workerd, Cloudflare's JavaScript/Wasm Runtime

AI Security Review

scanned 1d ago · by lpm-firewall-ai

No confirmed malicious attack surface. Install/runtime behavior is consistent with a native binary wrapper that resolves or installs the platform-specific Cloudflare workerd package.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall; user invokes bin/workerd at runtime
Impact
Installs or executes the matching @cloudflare/workerd-* binary; no evidence of unauthorized data access, persistence, or exfiltration.
Mechanism
platform-specific native binary resolution and fallback optional dependency install
Rationale
The suspicious lifecycle hook is package-aligned: it installs an exact-version first-party optional dependency for the current platform and then exposes that binary. Source inspection did not find credential harvesting, exfiltration, destructive behavior, AI-agent control mutation, or remote payload execution beyond npm fetching declared optional dependencies.
Evidence
package.jsoninstall.jslib/main.jsbin/workerdworker.mjsnode_modules/@cloudflare/workerd-* via npm install fallback

Decision evidence

public snapshot
AI called this Clean at 92.0% confidence as Benign with low false-positive risk.
Evidence for block
  • package.json defines postinstall: node install.js
  • install.js uses child_process.execFileSync to invoke npm install when optional platform package is missing
  • lib/main.js loads platform-specific @cloudflare/workerd-* native binary packages
Evidence against
  • postinstall package install targets scoped first-party @cloudflare/workerd-* optionalDependencies from package.json
  • install.js sets npm_config_global=false and npm_config_save=false and installs only the current platform package with exact version
  • No credential/env/file harvesting or exfiltration code found in install.js, lib/main.js, bin/workerd, package.json
  • bin/workerd delegates to generateBinPath() and executes the resolved workerd binary
  • Network-related code in worker.mjs implements runtime APIs, not install-time outbound exfiltration
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsMinifiedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 271 KB of source, external domains: registry.npmjs.org, www.apache.org, yarnpkg.com
Oversized source lightweight scan
worker.mjs4.53 MB file, sampled 256 KB
FilesystemNetworkChildProcessHighEntropyStringsMinifiedUrlStringswww.apache.org

Source & flagged code

5 flagged · loading source
package.jsonView file
•scripts.postinstall = node install.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
•scripts.postinstall = node install.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
install.jsView file
57var import_https = __toESM(require("https")); L58: var import_child_process = __toESM(require("child_process")); L59: var toPath = import_path2.default.join(__dirname, "bin", "workerd");
High
Child Process

Package source references child process execution.

install.jsView on unpkg · L57
153import_fs.default.writeFileSync(import_path2.default.join(installDir, "package.json"), "{}"); L154: import_child_process.default.execSync( L155: `npm install --loglevel=error --prefer-offline --no-audit --progress=false ${pkg}@${"1.20260706.1"}`, L156: { cwd: installDir, stdio: "pipe", env }
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

install.jsView on unpkg · L153
worker.mjsView file
•path = worker.mjs kind = oversized_source_file sizeBytes = 4747010 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

worker.mjsView on unpkg

Findings

4 High4 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processinstall.js
HighRuntime Package Installinstall.js
HighOversized Source Fileworker.mjs
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings