registry  /  @github/copilot-linux-x64  /  1.0.71

@github/copilot-linux-x64@1.0.71

GitHub Copilot CLI for linux-x64

AI Security Review

scanned 3h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No install-time execution is defined. At runtime, the bundled extension bootstrap imports an extension path supplied by the Copilot runtime and wires it to the bundled SDK.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User invokes an extension-enabled Copilot runtime with `EXTENSION_PATH` configured.
Impact
An enabled extension executes with the invoking user's Copilot process permissions; no foreign control-surface mutation is confirmed.
Mechanism
Guarded first-party extension-host dynamic import and SDK resolution hook.
Rationale
Source inspection found a runtime extension loader and native executable capabilities, but no lifecycle hook, credential collection, destructive action, or package-originated malicious chain. Treat the guarded agent-extension surface as a warning rather than a publish-blocking malicious package.
Evidence
package.jsonindex.jspreloads/extension_bootstrap.mjspreloads/extension_sdk_resolver.mjscopilot-sdk/extension.jscopilot

Decision evidence

public snapshot
AI called this Suspicious at 84.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • `preloads/extension_bootstrap.mjs` dynamically imports `EXTENSION_PATH`.
  • The same bootstrap redirects SDK imports through `Module._resolveFilename`.
  • `index.js` supports an env-triggered POST via `COPILOT_SHUTDOWN_FLUSH`.
  • `copilot` and native `.node` binaries are shipped and stripped.
Evidence against
  • `package.json` contains no lifecycle scripts.
  • The manifest only exposes the platform binary and bundled SDK.
  • Extension loading is guarded by a supplied `EXTENSION_PATH`; no path is set by install-time code.
  • No source evidence of credential harvesting, stealth persistence, or package-originated exfiltration.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNativeBindingsNetworkShell
Supply chain
HighEntropyStringsMinifiedUrlStrings
Manifest
NoLicense
scanned 15 file(s), 1.48 MB of source, external domains: aka.ms, api.anthropic.com, api.github.com, collector.example.com, collector.internal, docs.github.com, example.com, github.com, malicious-site.com, my-api.example.com, my-resource.openai.azure.com, no-color.org, proxy.corp.example, proxy.example.com
Oversized source lightweight scan
app.js8.67 MB file, sampled 256 KB
FilesystemChildProcessEnvironmentVarsNativeBindingsHighEntropyStringsUrlStringsapi.anthropic.comapi.github.comcollector.example.comcollector.internaldocs.github.comexample.comgithub.commalicious-site.commy-api.example.commy-resource.openai.azure.comno-color.orgproxy.corp.exampleproxy.example.com
sdk/index.js2.69 MB file, sampled 256 KB
FilesystemNetworkEnvironmentVarsNativeBindingsHighEntropyStringsMinifiedUrlStringsgithub.com

Source & flagged code

10 flagged · loading source
index.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @github/copilot-linux-x64@1.0.68 matchedIdentity = npm:[redacted]:1.0.68 similarity = 0.600 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

index.jsView on unpkg
8L9: var Ve=Object.create;var B=Object.defineProperty;var Ue=Object.getOwnPropertyDescriptor;var je=Object.getOwnPropertyNames;var We=Object.getPrototypeOf,qe=Object.prototype.hasOwnPro... L10: `)}else s.length>0&&(t=N(s[0],"app.js"))}return t}import{existsSync as br}from"node:fs";import{basename as vr,resolve as Er}from"node:path";var Pe="extension_bootstrap.mjs";functio...
High
Child Process

Package source references child process execution.

index.jsView on unpkg · L8
8L9: var Ve=Object.create;var B=Object.defineProperty;var Ue=Object.getOwnPropertyDescriptor;var je=Object.getOwnPropertyNames;var We=Object.getPrototypeOf,qe=Object.prototype.hasOwnPro... L10: `)}else s.length>0&&(t=N(s[0],"app.js"))}return t}import{existsSync as br}from"node:fs";import{basename as vr,resolve as Er}from"node:path";var Pe="extension_bootstrap.mjs";functio... ... L14: ${s}`)}function kr(e){if(e instanceof Error)return e.message;if(typeof e=="string")return e;try{return JSON.stringify(e)}catch{return Object.prototype.toString.call(e)}}function Ne... L15: `),process.exit(1)}}else if(process.env.COPILOT_SHUTDOWN_FLUSH){try{let{url:e,headers:r,body:t}=JSON.parse(process.env.COPILOT_SHUTDOWN_FLUSH);await fetch(e,{method:"POST",headers:...
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

index.jsView on unpkg · L8
8L9: var Ve=Object.create;var B=Object.defineProperty;var Ue=Object.getOwnPropertyDescriptor;var je=Object.getOwnPropertyNames;var We=Object.getPrototypeOf,qe=Object.prototype.hasOwnPro... L10: `)}else s.length>0&&(t=N(s[0],"app.js"))}return t}import{existsSync as br}from"node:fs";import{basename as vr,resolve as Er}from"node:path";var Pe="extension_bootstrap.mjs";functio... ... L14: ${s}`)}function kr(e){if(e instanceof Error)return e.message;if(typeof e=="string")return e;try{return JSON.stringify(e)}catch{return Object.prototype.toString.call(e)}}function Ne... L15: `),process.exit(1)}}else if(process.env.COPILOT_SHUTDOWN_FLUSH){try{let{url:e,headers:r,body:t}=JSON.parse(process.env.COPILOT_SHUTDOWN_FLUSH);await fetch(e,{method:"POST",headers:...
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

index.jsView on unpkg · L8
preloads/extension_bootstrap.mjsView file
15// Register a CJS require hook so that CommonJS extensions can L16: // `require("@github/copilot-sdk")` and have it resolve to the bundled SDK. L17: const sdkPath = process.env.COPILOT_SDK_PATH;
Medium
Dynamic Require

Package source references dynamic require/import behavior.

preloads/extension_bootstrap.mjsView on unpkg · L15
copilot-sdk/index.jsView file
839Cross-file remote execution chain: copilot-sdk/index.js spawns index.js; helper contains network access plus dynamic code execution. L839: /** L840: * To be kept private to fire an event to L841: * subscribers ... L1377: try { L1378: await this.writable.write(headers.join(""), "ascii"); L1379: return this.writable.write(data); ... L2890: fromString(value, encoding) { L2891: return Buffer.from(value, encoding); L2892: } ... L3058: var crypto_1 = __require("crypto"); L3059: var net_1 = __require("net"); L3060: var api_1 = require_api();
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

copilot-sdk/index.jsView on unpkg · L839
copilotView file
path = copilot kind = native_binary sizeBytes = 157289280 magicHex = [redacted]
Medium
Ships Native Binary

Package ships native binary artifacts.

copilotView on unpkg
tree-sitter-go.wasmView file
path = tree-sitter-go.wasm kind = wasm_module sizeBytes = 217182 magicHex = [redacted]
Medium
Ships Wasm Module

Package ships WebAssembly modules.

tree-sitter-go.wasmView on unpkg
sdk/index.jsView file
path = sdk/index.js kind = oversized_source_file sizeBytes = 2815595 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

sdk/index.jsView on unpkg
app.jsView file
path = app.js kind = oversized_cli_entrypoint sizeBytes = 9089681 magicHex = [redacted]
Medium
Oversized Cli Entrypoint

Package contains an oversized executable-looking CLI entrypoint.

app.jsView on unpkg

Findings

1 Critical6 High7 Medium4 Low
CriticalPrevious Version Dangerous Deltaindex.js
HighChild Processindex.js
HighShell
HighSame File Env Network Executionindex.js
HighCommand Output Exfiltrationindex.js
HighCross File Remote Execution Contextcopilot-sdk/index.js
HighOversized Source Filesdk/index.js
MediumDynamic Requirepreloads/extension_bootstrap.mjs
MediumNetwork
MediumEnvironment Vars
MediumShips Native Binarycopilot
MediumShips Wasm Moduletree-sitter-go.wasm
MediumOversized Cli Entrypointapp.js
MediumStructural Risk Force Deep Review
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License