Loading npm security reports…
Audit where your coding agent's context window and API dollars go.
Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
`dist/statusline-EXFMQYFF.js` writes `~/.claude/settings.json` with a `statusLine` command.
dist/statusline-EXFMQYFF.jsView on unpkg`dist/cli.js` exposes that write only through explicit `tokz statusline enable`.
dist/cli.jsView on unpkg`dist/statusline-EXFMQYFF.js` writes `~/.claude/settings.json` with a `statusLine` command.
dist/statusline-EXFMQYFF.jsView on unpkg`dist/cli.js` exposes that write only through explicit `tokz statusline enable`.
dist/cli.jsView on unpkg