@sevoniva/llm-coding-bridge@0.1.9

Local bridge for using OpenAI-compatible chat completion providers with coding clients.

Static Scan Results

scanned 2d ago · by rust-scanner

Static analysis completed at 93.0% confidence. No malicious behavior was detected; 8 low-signal pattern(s) were surfaced and cleared.

Static reason
No blocking static signals were detected; previous stored version diff introduced dangerous source.

Decision evidence

public snapshot
Behavioral surface
Source: ChildProcess, Crypto, EnvironmentVars, Filesystem, Network
Supply chain: HighEntropyStrings, UrlStrings
Manifest: No manifest risk signals triggered.
scanned 3 file(s), 50.7 KB of source, external domains: www.apple.com

Source & flagged code

2 flagged
bin/llm-coding-bridge.js
matchType = previous_version_dangerous_delta
matchedPackage = @sevoniva/llm-coding-bridge@0.1.7
matchedIdentity = npm:[redacted]:0.1.7
similarity = 0.500
summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

bin/llm-coding-bridge.js
L4: const fs = require("node:fs");
L5: const http = require("node:http");
L6: const os = require("node:os");
...
L8: const { randomUUID } = require("node:crypto");
L9: const { spawnSync } = require("node:child_process");
L10: const readline = require("node:readline/promises");
...
L15: const command = argv[0] && !argv[0].startsWith("-") ? argv.shift() : "help";
L16: const args = { command, config: DEFAULT_CONFIG, out: DEFAULT_CONFIG, name: "llm-coding-bridge", home: os.homedir(), lines: 80 };
L17: if (command === "template" && argv[0] && !argv[0].startsWith("-")) args.template = argv.shift();
...
L54: const configPath = path.resolve(file);
L55: const config = JSON.parse(fs.readFileSync(configPath, "utf8"));
L56: const server = { host: "127.0.0.1", port: 18080, ...(config.server || {}) };
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

bin/llm-coding-bridge.js · L4

Findings

1 High · 3 Medium · 4 Low
High · Previous Version Dangerous Delta · bin/llm-coding-bridge.js
Medium · Network
Medium · Environment Vars
Medium · Install Persistence · bin/llm-coding-bridge.js
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings