registry  /  @desplega.ai/agent-swarm  /  1.109.0

@desplega.ai/agent-swarm@1.109.0

⚠ Under review

Multi-agent orchestration for Claude Code, Codex, Gemini CLI, and other AI coding assistants

Static Scan Results

scanned 6d ago · by rust-scanner

Static analysis flagged 46 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNetworkShellWebSocket
Supply chain
HighEntropyStringsTelemetryUrlStrings
Manifest
WildcardDependency
scanned 1,128 file(s), 24.3 MB of source, external domains: 10.0.0.1, 127.0.0.1, 169.254.169.254, 169.254.170.2, 172.16.0.1, 172.31.255.255, 172.32.0.1, 192.168.1.1, a.co, a.com, a.local, accounts.google.com, acme.example, agent-abc-123.swarm.example.com, agent-fs.example.test, agent-fs.test, agent-svc-test.swarm.example.com, agent-swarm-mcp.desplega.sh, agent-swarm.cloud, agent-swarm.cloud.attacker.com, agent-swarm.dev, agent-swarm.dev.attacker.com, ai-gateway.vercel.sh, ai-sdk.dev, aiplatform.googleapis.com, api.agent-swarm.cloud, api.agent-swarm.dev, api.agentmail.ai, api.agentmail.to, api.ant-ling.com, api.anthropic.com, api.atlassian.com, api.attio.com, api.cerebras.ai, api.cloudflare.com, api.deepseek.com, api.devin.ai, api.e2b.app, api.e2b.example, api.example-swarm.dev, api.example.com, api.example.test, api.fireworks.ai, api.github.com, api.groq.com, api.hubspot.com, api.individual.githubcopilot.com, api.kapso.ai, api.kimi.com, api.linear.app
Oversized source lightweight scan
dist/cli-4hapc9v6.js8.43 MB file, sampled 256 KB
FilesystemCryptoHighEntropyStrings
dist/cli-aenr2vrd.js2.80 MB file, sampled 256 KB
FilesystemChildProcessEnvironmentVarsEvalHighEntropyStringsUrlStringsraw.githubusercontent.com
dist/otel-impl-zx1b8yr9.js2.31 MB file, sampled 256 KB
FilesystemChildProcessEnvironmentVarsHighEntropyStringsUrlStringsopentelemetry.io
dist/pi-mono-adapter-ayr3akk8.js6.58 MB file, sampled 256 KB
FilesystemNetworkChildProcessEnvironmentVarsCryptoShellHighEntropyStringsUrlStringsgithub.com

Source & flagged code

36 flagged · loading source
src/tests/task-supersede-resume.test.tsView file
565patternName = github_pat severity = critical line = 565 matchedText = const fa...aa";
Critical
Critical Secret

Package contains a critical-looking secret pattern.

src/tests/task-supersede-resume.test.tsView on unpkg · L565
565patternName = github_pat severity = critical line = 565 matchedText = const fa...aa";
Critical
Secret Pattern

GitHub personal access token in src/tests/task-supersede-resume.test.ts

src/tests/task-supersede-resume.test.tsView on unpkg · L565
dist/cli-a0t7vapf.jsView file
921} L922: fork(options) { L923: return (options.client ?? this._client).post({
High
Child Process

Package source references child process execution.

dist/cli-a0t7vapf.jsView on unpkg · L921
dist/cli-06p7cfcg.jsView file
1196try { L1197: fn = new Function(...PARAM_SHADOW_KEYS, "payload", `${BODY_SHADOW_PREAMBLE} return (${filter})(payload);`); L1198: } catch (err) {
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/cli-06p7cfcg.jsView on unpkg · L1196
dist/openai-codex-responses-8h6kvfv8.jsView file
82var _os = null; L83: var dynamicImport = (specifier) => import(__rewriteRelativeImportExtension(specifier)); L84: var NODE_OS_SPECIFIER = "node:os";
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/openai-codex-responses-8h6kvfv8.jsView on unpkg · L82
dist/cli-rtqc5r54.jsView file
11768} L11769: function combineURLs(baseURL, relativeURL) { L11770: return relativeURL ? baseURL.replace(/\/?\/$/, "") + "/" + relativeURL.replace(/^\/+/, "") : baseURL; ... L20874: try { L20875: data = node_fs_1.default.readFileSync(node_path_1.default.resolve("".concat(installationDir, "/app-latest"))); L20876: installation = JSON.parse(data.toString());
High
Remote Agent Bridge

Source exposes local file and command tools to a remote model endpoint.

dist/cli-rtqc5r54.jsView on unpkg · L11768
32require_stream, L33: require_websocket, L34: require_websocket_server ... L164: L165: // node_modules/@slack/web-api/package.json L166: var require_package = __commonJS((exports, module) => { ... L222: eventemitter3: "^5.0.1", L223: "form-data": "^4.0.4", L224: "is-electron": "2.2.2", ... L10388: } else { L10389: dataBuffer = Buffer.concat([dataBuffer, Buffer.from(this._streams[i])]); L10390: }
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/cli-rtqc5r54.jsView on unpkg · L32
dist/cli-czkae1fp.jsView file
589}; L590: var uriEncode = (value) => encodeURIComponent(value).replace(/[!*'()]/g, (c) => `%${c.charCodeAt(0).toString(16).toUpperCase()}`); L591: var endpointFunctions = { ... L2231: stream.on("error", (err) => { L2232: collector.end(); L2233: reject(err); ... L2368: throw new Error(`Cannot transform payload Blob to web stream. Please make sure the Blob.stream() is polyfilled. L2369: ` + "If you are using React Native, this API is not yet supported, see: https://react-native.canny.io/feature-requests/p/fetch-streaming-body"); L2370: } ... L5567: var getHomeDir = () => { L5568: const { HOME, USERPROFILE, HOMEPATH, HOMEDRIVE = `C:${node_path.sep}` } = process.env; L5569: if (HOME)
High
Cloud Metadata Access

Source reaches cloud instance metadata or link-local credential endpoints.

dist/cli-czkae1fp.jsView on unpkg · L589
dist/cli-w6zp4qcx.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @desplega.ai/agent-swarm@1.106.0 matchedIdentity = npm:[redacted]:1.106.0 similarity = 0.783 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/cli-w6zp4qcx.jsView on unpkg
56Cross-file remote execution chain: dist/cli-w6zp4qcx.js spawns dist/cli-m3enfr8q.js; helper contains network access plus dynamic code execution. L56: import path from "path"; L57: import { spawn } from "child_process"; L58: import { statSync } from "fs"; ... L130: try { L131: parsed = JSON.parse(item); L132: } catch (error) { ... L272: } else { L273: for (const [key, value] of Object.entries(process.env)) { L274: if (value !== undefined) { ... L297: } L298: child.stdin.write(args.input); L299: child.stdin.end();
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

dist/cli-w6zp4qcx.jsView on unpkg · L56
dist/index-2qn2qndv.jsView file
15var supportsRequestInitExt = () => { L16: return typeof process === "object" && Number.parseInt(process?.versions?.node?.substring(0, 2)) >= 18 && process.versions.undici; L17: }; ... L59: const serializedBody = body === undefined ? undefined : bodySerializer(body, mergeHeaders(baseHeaders, headers, params.header)); L60: const finalHeaders = mergeHeaders(serializedBody === undefined || serializedBody instanceof FormData ? {} : { L61: "Content-Type": "application/json" ... L176: } L177: let error = await response.text(); L178: try { ... L1434: const dv = new DataView(new ArrayBuffer(8)); L1435: const ok = typeof BigInt === "function" && typeof dv.getBigInt64 === "function" && typeof dv.getBigUint64 === "function" && typeof dv.setBigInt64 === "function" && typeof dv.setBig... L1436: if (ok) {
High
Base64 Obscured Url

Source decodes a Base64-obscured HTTP endpoint at runtime.

dist/index-2qn2qndv.jsView on unpkg · L15
plugin/skills/artifacts/examples/static-report.shView file
path = [redacted]-report.sh kind = build_helper sizeBytes = 390 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

plugin/skills/artifacts/examples/static-report.shView on unpkg
dist/cli-aenr2vrd.jsView file
path = dist/cli-aenr2vrd.js kind = oversized_source_file sizeBytes = 2935976 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

dist/cli-aenr2vrd.jsView on unpkg
src/tests/status.test.tsView file
343patternName = private_key_rsa severity = critical line = 343 matchedText = process......";
Critical
Secret Pattern

RSA private key in src/tests/status.test.ts

src/tests/status.test.tsView on unpkg · L343
src/tests/http-api-integration.test.tsView file
1669patternName = stripe_webhook_secret severity = high line = 1669 matchedText = const WE...cret
High
Secret Pattern

Stripe webhook signing secret in src/tests/http-api-integration.test.ts

src/tests/http-api-integration.test.tsView on unpkg · L1669
src/tests/launch-password-rejection.test.tsView file
76patternName = generic_password severity = medium line = 76 matchedText = password...sh",
Medium
Secret Pattern

Hardcoded password in src/tests/launch-password-rejection.test.ts

src/tests/launch-password-rejection.test.tsView on unpkg · L76
src/tests/secret-scrubber.test.tsView file
51patternName = github_pat severity = critical line = 51 matchedText = process....89";
Critical
Secret Pattern

GitHub personal access token in src/tests/secret-scrubber.test.ts

src/tests/secret-scrubber.test.tsView on unpkg · L51
53patternName = github_pat severity = critical line = 53 matchedText = const ou...d");
Critical
Secret Pattern

GitHub personal access token in src/tests/secret-scrubber.test.ts

src/tests/secret-scrubber.test.tsView on unpkg · L53
102patternName = github_pat severity = critical line = 102 matchedText = "ghp_poo...AB";
Critical
Secret Pattern

GitHub personal access token in src/tests/secret-scrubber.test.ts

src/tests/secret-scrubber.test.tsView on unpkg · L102
104patternName = github_pat severity = critical line = 104 matchedText = const ou...0");
Critical
Secret Pattern

GitHub personal access token in src/tests/secret-scrubber.test.ts

src/tests/secret-scrubber.test.tsView on unpkg · L104
105patternName = github_pat severity = critical line = 105 matchedText = expect(o...0");
Critical
Secret Pattern

GitHub personal access token in src/tests/secret-scrubber.test.ts

src/tests/secret-scrubber.test.tsView on unpkg · L105
110patternName = github_pat severity = critical line = 110 matchedText = process....89";
Critical
Secret Pattern

GitHub personal access token in src/tests/secret-scrubber.test.ts

src/tests/secret-scrubber.test.tsView on unpkg · L110
114patternName = github_pat severity = critical line = 114 matchedText = "gh=ghp_...90";
Critical
Secret Pattern

GitHub personal access token in src/tests/secret-scrubber.test.ts

src/tests/secret-scrubber.test.tsView on unpkg · L114
146patternName = github_fine_grained severity = critical line = 146 matchedText = const ou...f");
Critical
Secret Pattern

GitHub fine-grained PAT in src/tests/secret-scrubber.test.ts

src/tests/secret-scrubber.test.tsView on unpkg · L146
152patternName = github_pat severity = critical line = 152 matchedText = const ou...d");
Critical
Secret Pattern

GitHub personal access token in src/tests/secret-scrubber.test.ts

src/tests/secret-scrubber.test.tsView on unpkg · L152
158patternName = github_oauth severity = critical line = 158 matchedText = const ou...d");
Critical
Secret Pattern

GitHub OAuth access token in src/tests/secret-scrubber.test.ts

src/tests/secret-scrubber.test.tsView on unpkg · L158
163patternName = github_server_token severity = critical line = 163 matchedText = const ou...d");
Critical
Secret Pattern

GitHub server-to-server token in src/tests/secret-scrubber.test.ts

src/tests/secret-scrubber.test.tsView on unpkg · L163
197patternName = aws_access_key severity = critical line = 197 matchedText = const ou...g");
Critical
Secret Pattern

AWS access key ID in src/tests/secret-scrubber.test.ts

src/tests/secret-scrubber.test.tsView on unpkg · L197
199patternName = aws_access_key severity = critical line = 199 matchedText = expect(o...E");
Critical
Secret Pattern

AWS access key ID in src/tests/secret-scrubber.test.ts

src/tests/secret-scrubber.test.tsView on unpkg · L199
219patternName = github_pat severity = critical line = 219 matchedText = const ou...D");
Critical
Secret Pattern

GitHub personal access token in src/tests/secret-scrubber.test.ts

src/tests/secret-scrubber.test.tsView on unpkg · L219
297patternName = github_pat severity = critical line = 297 matchedText = process....89";
Critical
Secret Pattern

GitHub personal access token in src/tests/secret-scrubber.test.ts

src/tests/secret-scrubber.test.tsView on unpkg · L297
299patternName = github_pat severity = critical line = 299 matchedText = const on...9");
Critical
Secret Pattern

GitHub personal access token in src/tests/secret-scrubber.test.ts

src/tests/secret-scrubber.test.tsView on unpkg · L299
204patternName = google_api_key severity = high line = 204 matchedText = const ou...l");
High
Secret Pattern

Google API key in src/tests/secret-scrubber.test.ts

src/tests/secret-scrubber.test.tsView on unpkg · L204
src/tests/pages-http.test.tsView file
133patternName = generic_password severity = medium line = 133 matchedText = const pa...-9";
Medium
Secret Pattern

Hardcoded password in src/tests/pages-http.test.ts

src/tests/pages-http.test.tsView on unpkg · L133
src/tests/create-page-tool.test.tsView file
180patternName = generic_password severity = medium line = 180 matchedText = password...me",
Medium
Secret Pattern

Hardcoded password in src/tests/create-page-tool.test.ts

src/tests/create-page-tool.test.tsView on unpkg · L180
src/tests/pages-public-authed-401.test.tsView file
92patternName = generic_password severity = medium line = 92 matchedText = password...sh",
Medium
Secret Pattern

Hardcoded password in src/tests/pages-public-authed-401.test.ts

src/tests/pages-public-authed-401.test.tsView on unpkg · L92

Findings

20 Critical9 High10 Medium7 Low
CriticalCritical Secretsrc/tests/task-supersede-resume.test.ts
CriticalPrevious Version Dangerous Deltadist/cli-w6zp4qcx.js
CriticalSecret Patternsrc/tests/task-supersede-resume.test.ts
CriticalSecret Patternsrc/tests/status.test.ts
CriticalSecret Patternsrc/tests/secret-scrubber.test.ts
CriticalSecret Patternsrc/tests/secret-scrubber.test.ts
CriticalSecret Patternsrc/tests/secret-scrubber.test.ts
CriticalSecret Patternsrc/tests/secret-scrubber.test.ts
CriticalSecret Patternsrc/tests/secret-scrubber.test.ts
CriticalSecret Patternsrc/tests/secret-scrubber.test.ts
CriticalSecret Patternsrc/tests/secret-scrubber.test.ts
CriticalSecret Patternsrc/tests/secret-scrubber.test.ts
CriticalSecret Patternsrc/tests/secret-scrubber.test.ts
CriticalSecret Patternsrc/tests/secret-scrubber.test.ts
CriticalSecret Patternsrc/tests/secret-scrubber.test.ts
CriticalSecret Patternsrc/tests/secret-scrubber.test.ts
CriticalSecret Patternsrc/tests/secret-scrubber.test.ts
CriticalSecret Patternsrc/tests/secret-scrubber.test.ts
CriticalSecret Patternsrc/tests/secret-scrubber.test.ts
CriticalSecret Patternsrc/tests/secret-scrubber.test.ts
HighChild Processdist/cli-a0t7vapf.js
HighShell
HighCloud Metadata Accessdist/cli-czkae1fp.js
HighRemote Agent Bridgedist/cli-rtqc5r54.js
HighCross File Remote Execution Contextdist/cli-w6zp4qcx.js
HighBase64 Obscured Urldist/index-2qn2qndv.js
HighOversized Source Filedist/cli-aenr2vrd.js
HighSecret Patternsrc/tests/http-api-integration.test.ts
HighSecret Patternsrc/tests/secret-scrubber.test.ts
MediumDynamic Requiredist/openai-codex-responses-8h6kvfv8.js
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperplugin/skills/artifacts/examples/static-report.sh
MediumStructural Risk Force Deep Review
MediumWildcard Dependency
MediumSecret Patternsrc/tests/launch-password-rejection.test.ts
MediumSecret Patternsrc/tests/pages-http.test.ts
MediumSecret Patternsrc/tests/create-page-tool.test.ts
MediumSecret Patternsrc/tests/pages-public-authed-401.test.ts
LowScripts Present
LowEvaldist/cli-06p7cfcg.js
LowWeak Cryptodist/cli-rtqc5r54.js
LowFilesystem
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings