registry  /  @paparats/cli  /  2.0.0

@paparats/cli@2.0.0

⚠ Under review

CLI for Paparats MCP - semantic code search with AST chunking, symbol graph, and vector search for AI coding assistants

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 15 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 15 file(s), 163 KB of source, external domains: docker.com, docs.docker.com, host.docker.internal, huggingface.co, www.apple.com, www.yamllint.com

Source & flagged code

6 flagged · loading source
dist/commands/edit.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @paparats/cli@1.7.4 matchedIdentity = npm:QHBhcGFyYXRzL2NsaQ:1.7.4 similarity = 0.667 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/commands/edit.jsView on unpkg
1import { Command } from 'commander'; L2: import { spawnSync } from 'child_process'; L3: import fs from 'fs';
High
Child Process

Package source references child process execution.

dist/commands/edit.jsView on unpkg · L1
dist/commands/install.jsView file
4import os from 'os'; L5: import { execSync, spawn } from 'child_process'; L6: import chalk from 'chalk'; ... L31: const CODE_MODEL_NAME = 'bge-code-v1'; L32: const CODE_GGUF_URL = 'https://huggingface.co/taylor-jones/bge-code-v1-Q8_0-GGUF/resolve/main/bge-code-v1-q8_0.gguf'; L33: const CODE_GGUF_FILE = path.join(MODELS_DIR, 'bge-code-v1-Q8_0.gguf'); ... L38: try { L39: const command = process.platform === 'win32' ? `where ${cmd}` : `command -v ${cmd}`; L40: execSync(command, { stdio: 'ignore', timeout: 3000 }); ... L115: } L116: const buffer = await response.arrayBuffer(); L117: fs.writeFileSync(dest, Buffer.from(buffer));
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/commands/install.jsView on unpkg · L4
4import os from 'os'; L5: import { execSync, spawn } from 'child_process'; L6: import chalk from 'chalk'; ... L31: const CODE_MODEL_NAME = 'bge-code-v1'; L32: const CODE_GGUF_URL = 'https://huggingface.co/taylor-jones/bge-code-v1-Q8_0-GGUF/resolve/main/bge-code-v1-q8_0.gguf'; L33: const CODE_GGUF_FILE = path.join(MODELS_DIR, 'bge-code-v1-Q8_0.gguf'); ... L38: try { L39: const command = process.platform === 'win32' ? `where ${cmd}` : `command -v ${cmd}`; L40: execSync(command, { stdio: 'ignore', timeout: 3000 }); ... L115: } L116: const buffer = await response.arrayBuffer(); L117: fs.writeFileSync(dest, Buffer.from(buffer));
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/commands/install.jsView on unpkg · L4
dist/commands/doctor.jsView file
25try { L26: execSync('docker compose version', { stdio: 'ignore', timeout: 3000 }); L27: return true; ... L37: // Resolve config for URLs/models L38: const qdrantUrl = process.env.QDRANT_URL ?? 'http://localhost:6333'; L39: const embedUrl = process.env.EMBED_URL ?? 'http://localhost:18434';
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/commands/doctor.jsView on unpkg · L25
dist/commands/update.jsView file
174try { L175: exec(`npm install -g ${NPM_PACKAGE}@latest`, { L176: stdio: opts.verbose ? 'inherit' : ['pipe', 'pipe', 'pipe'],
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/commands/update.jsView on unpkg · L174

Findings

1 Critical5 High4 Medium5 Low
CriticalPrevious Version Dangerous Deltadist/commands/edit.js
HighChild Processdist/commands/edit.js
HighShell
HighSame File Env Network Executiondist/commands/doctor.js
HighSandbox Evasion Gated Capabilitydist/commands/install.js
HighRuntime Package Installdist/commands/update.js
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/commands/install.js
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings