
@nac3/forge-cli@1.0.57

⚠ Under review

Yujin Forge -- voice-first NAC-3 React development framework. CLI + chat panel + spec ingest + 10-format document reader + voice loop.

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 19 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
Source: ChildProcess, Crypto, DynamicRequire, EnvironmentVars, Filesystem, Network, Shell
Supply chain: HighEntropyStrings, Telemetry, UrlStrings
Manifest: NoLicense
scanned 357 file(s), 3.64 MB of source, external domains: 127.0.0.1, api.anthropic.com, api.bitbucket.org, api.cohere.com, api.deepseek.com, api.elevenlabs.io, api.figma.com, api.github.com, api.linear.app, api.mailgun.net, api.mistral.ai, api.notion.com, api.openai.com, api.sendgrid.com, api.slack.com, api.stripe.com, api.twilio.com, api.x.ai, api.z.ai, app.mailgun.com, app.sendgrid.com, bitbucket.org, buy.polar.sh, console.anthropic.com, console.aws.amazon.com, console.cloud.google.com, console.twilio.com, dashboard.stripe.com, dashscope-intl.aliyuncs.com, developers.cloudflare.com, discord.com, docs.google.com, elevenlabs.io, fonts.googleapis.com, generativelanguage.googleapis.com, github.com, gitlab.com, hub.docker.com, linear.app, platform.openai.com, prompts.yujin.app, pypi.org, registry.npmjs.org, schemas.openxmlformats.org, slack.com, speech.googleapis.com, texttospeech.googleapis.com, unpkg.com, upload.pypi.org, www.figma.com

Source & flagged code

9 flagged
dist/codegen/e2e.js
patternName = generic_password; severity = medium; line = 390; matchedText = " passw...',"
Medium
Secret Pattern

Package contains a possible secret pattern.

dist/codegen/e2e.js, line 390
patternName = generic_password; severity = medium; line = 400; matchedText = " passw...',"
Medium
Secret Pattern

Hardcoded password in dist/codegen/e2e.js

dist/codegen/e2e.js, line 400
dist/chat/project_slug.js
L78: /* eslint-disable @typescript-eslint/no-require-imports */
L79: const fsSync = require('node:fs');
L80: try {
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/chat/project_slug.js, line 78
dist/migrate/overrides.js
L44: const raw = await fs.readFile(p, 'utf-8');
L45: const parsed = JSON.parse(raw);
L46: if (!parsed || typeof parsed !== 'object' || !Array.isArray(parsed.overrides)) {
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/migrate/overrides.js, line 44
dist/commands/app.js
L103: return missingSlot(opts, 'slack_bot_token');
L104: const r = await fetch('https://slack.com/api/chat.postMessage', {
L105: method: 'POST',
...
L110: },
L111: body: JSON.stringify({ channel, text: message }),
L112: });
...
L135: }
L136: const from = opts.from ?? process.env.TWILIO_FROM ?? '';
L137: if (!from) {
...
L140: const url = 'https://api.twilio.com/2010-04-01/Accounts/' + sid + '/Messages.json';
L141: const auth = Buffer.from(sid + ':' + token).toString('base64');
L142: const body = new URLSearchParams({ To: to, From: from, Body: message });
Critical
Credential Exfiltration

Source appears to send environment or credential material to an external endpoint.

dist/commands/app.js, line 103
Trigger-reachable chain: manifest.bin -> dist/bin/yf.js -> dist/commands/app.js
L103: return missingSlot(opts, 'slack_bot_token');
L104: const r = await fetch('https://slack.com/api/chat.postMessage', {
L105: method: 'POST',
...
L110: },
L111: body: JSON.stringify({ channel, text: message }),
L112: });
...
L135: }
L136: const from = opts.from ?? process.env.TWILIO_FROM ?? '';
L137: if (!from) {
...
L140: const url = 'https://api.twilio.com/2010-04-01/Accounts/' + sid + '/Messages.json';
L141: const auth = Buffer.from(sid + ':' + token).toString('base64');
L142: const body = new URLSearchParams({ To: to, From: from, Body: message });
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

dist/commands/app.js, line 103
dist/core/desktop_open.js
L23: */
L24: import { spawn } from 'node:child_process';
L25: import { existsSync, readFileSync } from 'node:fs';
...
L46: function shellOpen(target) {
L47: if (process.platform === 'win32') {
L48: /* cmd start: the first quoted arg is the window TITLE (empty), then ...
L65: try {
L66: const j = JSON.parse(readFileSync(absPath, 'utf-8'));
L67: if (j.url && /^https?:\/\//i.test(j.url)) ...
L70: if (id)
L71: return 'https://docs.google.com/spreadsheets/d/' + encodeURIComponent(id) + '/edit';
L72: }
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/core/desktop_open.js, line 23
dist/chat/server.js
package = @nac3/forge-cli; repositoryIdentity = yujin-forge; dependency = qrcode
L3749: catch { /* best-effort */ }
L3750: const QRCode = (await import('qrcode')).default;
L3751: /* PND-047 follow-up -- the pairing payload grew (the per-handle key is
High
Copied Package Dependency Bridge

Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.

dist/chat/server.js, line 3749
package.json
Remote tarball dependency specs: xlsx@https://cdn.sheetjs.com/xlsx-0.20.3/xlsx-0.20.3.tgz
Medium
Remote Tarball Dependency

Package manifest contains a dependency pinned to a remote tarball URL.

package.json

Findings

2 Critical, 2 High, 7 Medium, 8 Low

Severity  Finding                                 File
Critical  Credential Exfiltration                 dist/commands/app.js
Critical  Trigger Reachable Dangerous Capability  dist/commands/app.js
High      Sandbox Evasion Gated Capability        dist/core/desktop_open.js
High      Copied Package Dependency Bridge        dist/chat/server.js
Medium    Secret Pattern                          dist/codegen/e2e.js
Medium    Dynamic Require                         dist/chat/project_slug.js
Medium    Network
Medium    Environment Vars
Medium    Structural Risk Force Deep Review
Medium    Remote Tarball Dependency               package.json
Medium    Secret Pattern                          dist/codegen/e2e.js
Low       Non Install Lifecycle Scripts
Low       Scripts Present
Low       Weak Crypto                             dist/migrate/overrides.js
Low       Filesystem
Low       High Entropy Strings
Low       Telemetry
Low       Url Strings
Low       No License