recordly
Audited by Socket on May 19, 2026
1 alert found:
AnomalyNo explicit malware indicators are present in the shell installer itself (no obvious exfiltration, backdoor, or credential-stealing logic). However, it has meaningful supply-chain risk because it clones/pulls an unpinned remote repository and then runs npm install and platform-specific build scripts that execute lifecycle/build code from unverified upstream content; it also clears macOS quarantine and sets execution permissions on whichever first matching artifacts it finds. Hardening should include pinning the repo to an immutable commit/tag, enforcing npm lockfile integrity (e.g., npm ci with a committed lockfile), and optionally verifying signatures/checksums for both source and resulting artifacts.