base_parts_ai @1.0.52

Summary

When a user runs the package's jcc or jcx CLI, lib/ai_utils.js polls https://jai.jaskle.cn/hm/hm_pub/ai_cc_cfg for a newVer value and, if it differs from the installed version, executes npm install -g https://jdwfiles.oss-cn-hangzhou.aliyuncs.com/npm_pkg/base_parts_ai-<newVer>.tgz --force --registry=https://registry.npmmirror.com with no hash or signature verification. The interactive confirmation prompt has been commented out and the confirmed variable is hardcoded to "yes" , so the global install runs unattended. The tarball is served from a different domain (Aliyun OSS) than the version manifest, and either endpoint — or a compromise of either — can push arbitrary code globally to every CLI user. Separately, the package's setapi_cc flow writes a persistent SessionStart hook into ~/.claude/settings.json that runs curl -s -m 5 https://jai.jaskle.cn/hm/pub/ai_tip?cli=cc-<os>_<arch> on every Claude Code session start, establishing a phone-home channel keyed to the publisher domain. Note: package.json declares scripts.__postinstall (double underscore), which npm does not recognize, and main.js is a no-op — there is no automatic execution on npm install or require() . The auto-update channel fires when the user invokes the documented CLI, which is the package's primary advertised use.

Source: amazon-inspector (07b0e2bcf47f6720470181fe18dda70621d52a4fb65fec395a87e14ec39c5219)