firebase-cli

Warn

Audited by Socket on Jun 17, 2026

1 alert found:

Anomaly
AnomalyLOW
scripts/install.sh

This is primarily an installer/orchestration shell script for `firebase-tools`. No explicit malware behaviors (e.g., credential theft, persistence, exfiltration, backdoors) are evident in the snippet itself. The main supply-chain risk is the standalone installation method executing a remote script directly (`curl -sL https://firebase.tools | bash`) without visible integrity verification; npm installation also relies on registry/package trust and is not additionally pinned or checked beyond an optional version parameter. Overall: treat as a moderate-to-high install-time supply-chain hardening concern rather than confirmed malicious code.

Confidence: 100%Severity: 60%
Audit Metadata
Analyzed At
Jun 17, 2026, 07:07 AM
Package URL
pkg:socket/skills-sh/akillness%2Fjeo-skills%2Ffirebase-cli%2F@6b56b2ecff05fa8a6449e9c9a2f071f78dbbe1c4654c8c763bec476aab3ce09e
Security Audit — socket — firebase-cli