•matchType = previous_version_dangerous_delta
matchedPackage = @sma1lboy/kobe@0.7.57
matchedIdentity = npm:QHNtYTFsYm95L2tvYmU:0.7.57
similarity = 0.838
summary = stored previous version shares package body but lacks this dangerous source file
CriticalPrevious Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version.
dist/cli/index.jsView on unpkg 2// @bun
L3: var lO=Object.defineProperty;var $O=(J)=>J;function aO(J,z){this[J]=$O.bind(null,z)}var H1=(J,z)=>{for(var Z in z)lO(J,Z,{get:z[Z],enumerable:!0,configurable:!0,set:aO.bind(z,Z)})}...
L4: `).filter((Z)=>Z.length>0)}wrapCommand(J,z={}){let Z=z.cwd?`cd ${$Q(z.cwd)} && ${J}`:J;return`${lQ(this.spec,{tty:z.tty}).map(BA).join(" ")} ${$Q(Z)}`}}var $Q,jA,AV=(J,z)=>{let[Z,....
HighChild Process
Package source references child process execution.
dist/cli/index.jsView on unpkg · L2 2// @bun
L3: var lO=Object.defineProperty;var $O=(J)=>J;function aO(J,z){this[J]=$O.bind(null,z)}var H1=(J,z)=>{for(var Z in z)lO(J,Z,{get:z[Z],enumerable:!0,configurable:!0,set:aO.bind(z,Z)})}...
L4: `).filter((Z)=>Z.length>0)}wrapCommand(J,z={}){let Z=z.cwd?`cd ${$Q(z.cwd)} && ${J}`:J;return`${lQ(this.spec,{tty:z.tty}).map(BA).join(" ")} ${$Q(Z)}`}}var $Q,jA,AV=(J,z)=>{let[Z,....
HighSame File Env Network Execution
A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/cli/index.jsView on unpkg · L2 2// @bun
L3: var lO=Object.defineProperty;var $O=(J)=>J;function aO(J,z){this[J]=$O.bind(null,z)}var H1=(J,z)=>{for(var Z in z)lO(J,Z,{get:z[Z],enumerable:!0,configurable:!0,set:aO.bind(z,Z)})}...
L4: `).filter((Z)=>Z.length>0)}wrapCommand(J,z={}){let Z=z.cwd?`cd ${$Q(z.cwd)} && ${J}`:J;return`${lQ(this.spec,{tty:z.tty}).map(BA).join(" ")} ${$Q(Z)}`}}var $Q,jA,AV=(J,z)=>{let[Z,....
HighCommand Output Exfiltration
Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/cli/index.jsView on unpkg · L2 2// @bun
L3: var lO=Object.defineProperty;var $O=(J)=>J;function aO(J,z){this[J]=$O.bind(null,z)}var H1=(J,z)=>{for(var Z in z)lO(J,Z,{get:z[Z],enumerable:!0,configurable:!0,set:aO.bind(z,Z)})}...
L4: `).filter((Z)=>Z.length>0)}wrapCommand(J,z={}){let Z=z.cwd?`cd ${$Q(z.cwd)} && ${J}`:J;return`${lQ(this.spec,{tty:z.tty}).map(BA).join(" ")} ${$Q(Z)}`}}var $Q,jA,AV=(J,z)=>{let[Z,....
HighRuntime Package Install
Package source invokes a package manager install command at runtime.
dist/cli/index.jsView on unpkg · L2 136`),process.exit(2)}function YD(J){try{return yS(zj(process.cwd(),J),"utf8")}catch(z){pZ(`cannot read ${J}: ${z instanceof Error?z.message:String(z)}`)}}function TS(J){let z={};for(...
L137: `);return}let{getRepoInitOverride:Y,setRepoInitOverride:X,resolveRepoRoot:G}=await Promise.resolve().then(() => (S1(),zZ)),{existsSync:q}=await import("fs"),{join:H}=await import("...
L138: `)});import{spawnSync as ES}from"child_process";function hS(J){let[z,Z]=J.split("/");if(!z||!Z)throw Error(`invalid GitHub repository slug: ${J}`);return{owner:z,name:Z}}function q...
MediumDynamic Require
Package source references dynamic require/import behavior.
dist/cli/index.jsView on unpkg · L136 2// @bun
L3: var lO=Object.defineProperty;var $O=(J)=>J;function aO(J,z){this[J]=$O.bind(null,z)}var H1=(J,z)=>{for(var Z in z)lO(J,Z,{get:z[Z],enumerable:!0,configurable:!0,set:aO.bind(z,Z)})}...
L4: `).filter((Z)=>Z.length>0)}wrapCommand(J,z={}){let Z=z.cwd?`cd ${$Q(z.cwd)} && ${J}`:J;return`${lQ(this.spec,{tty:z.tty}).map(BA).join(" ")} ${$Q(Z)}`}}var $Q,jA,AV=(J,z)=>{let[Z,....
...
L17: `);while(z!==-1){let Z=this.buffer.slice(0,z);if(this.buffer=this.buffer.slice(z+1),Z.trim().length>0)this.onLine(Z);z=this.buffer.indexOf(`
L18: `)}}onLine(J){let z;try{z=JSON.parse(J)}catch(Y){QJ("client-frame",Y);return}if(z.type==="event"){this.emit(z);return}if(z.type!=="response")return;let Z=this.pending.get(z.id);if(...
L19: `).map((X)=>X.trim()).filter(Boolean)[0];if(!Y)return;if(Y.startsWith("claude:")&&Y.includes("aliased to")){let X=Y.split("aliased to")[1]?.trim();return X&&dA(X)?X:void 0}return Y...
...
L21: `).map((X)=>X.trim()).filter(Boolean)[0];if(!Y)return;if(Y.startsWith("copilot:")&&Y.includes("aliased to")){let X=Y.split("aliased to")[1]?.trim();return X&&sA(X)?X:void 0}return ...
L22: `)){let X=Y.trim();if(!X)continue;if(!SZ(X))continue;let G;try{G=JSON.parse(X)}catch{c
LowWeak Crypto
Package source references weak cryptographic algorithms.
dist/cli/index.jsView on unpkg · L2