Harper is a distributed database, caching service, streaming broker, and application development platform focused on performance and ease of use. Harper Pro includes replication, certificate management, profiling.
Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Package contains a critical-looking secret pattern.
core/utility/terms/certificates.jsView on unpkg · L8RSA private key in core/utility/terms/certificates.js
core/utility/terms/certificates.jsView on unpkg · L8Package source references dynamic require/import behavior.
core/upgrade/directives/5-1-0.tsView on unpkg · L39Package source executes code through a VM context API.
core/security/jsLoader.tsView on unpkg · L13Source reaches cloud instance metadata or link-local credential endpoints.
core/agent/tools/httpFetchTool.tsView on unpkg · L8Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
studio/web/assets/yaml.worker-DZpdto5S.jsView on unpkg · L115Package ships non-JavaScript build or shell helper files.
core/utility/scripts/user_data.shView on unpkgPackage ships high-entropy non-source blobs.
studio/web/assets/PPRadioGrotesk-Bold-DDaUYG8E.woffView on unpkgPackage contains source files above the static scanner size ceiling.
studio/web/assets/ts.worker-CV4Qyelf.jsView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
studio/web/assets/applications-B5hhv7uA.jsView on unpkgRSA private key in dist/core/utility/terms/certificates.js
dist/core/utility/terms/certificates.jsView on unpkg · L4Package contains a critical-looking secret pattern.
core/utility/terms/certificates.jsView on unpkg · L8Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
studio/web/assets/yaml.worker-DZpdto5S.jsView on unpkg · L115Package ships non-JavaScript build or shell helper files.
core/utility/scripts/user_data.shView on unpkgPackage ships high-entropy non-source blobs.
studio/web/assets/PPRadioGrotesk-Bold-DDaUYG8E.woffView on unpkgPackage contains source files above the static scanner size ceiling.
studio/web/assets/ts.worker-CV4Qyelf.jsView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
studio/web/assets/applications-B5hhv7uA.jsView on unpkgRSA private key in core/utility/terms/certificates.js
Package source references dynamic require/import behavior.
core/upgrade/directives/5-1-0.tsView on unpkg · L39Package source executes code through a VM context API.
core/security/jsLoader.tsView on unpkg · L13Source reaches cloud instance metadata or link-local credential endpoints.
core/agent/tools/httpFetchTool.tsView on unpkg · L8RSA private key in dist/core/utility/terms/certificates.js
dist/core/utility/terms/certificates.jsView on unpkg · L4