Context
Sherlock flagged during review of feat-skill-add-pack (PR #278): dynamic import() of dist/index.js runs top-level code before the Flair scanner sees content. This is an inherent trust issue — if packs come from untrusted registries, malicious code in dist/index.js executes during import.
Current state
The scanner runs after import, so it can't inspect the module source before execution. For npm's trust model this is accepted risk (npm packages already run arbitrary code on install).
Proposed
AST-based static extraction: parse dist/index.js as source text, extract export const ruleNames/rules/skillSummary declarations without executing the module. This would let scanner run before any code executes.
Priority
Low — not blocking for trusted registries. Would become blocking if TPS ever supports community/untrusted registries.
Related
Context
Sherlock flagged during review of feat-skill-add-pack (PR #278): dynamic
import()ofdist/index.jsruns top-level code before the Flair scanner sees content. This is an inherent trust issue — if packs come from untrusted registries, malicious code indist/index.jsexecutes during import.Current state
The scanner runs after import, so it can't inspect the module source before execution. For npm's trust model this is accepted risk (npm packages already run arbitrary code on install).
Proposed
AST-based static extraction: parse
dist/index.jsas source text, extractexport const ruleNames/rules/skillSummarydeclarations without executing the module. This would let scanner run before any code executes.Priority
Low — not blocking for trusted registries. Would become blocking if TPS ever supports community/untrusted registries.
Related