baro-ai@0.70.14

⚠ Under review

Autonomous parallel coding - plan and execute with AI

Static Scan Results

scanned 2d ago · by rust-scanner

Static analysis flagged 18 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected; the previous stored version diff introduced dangerous source.

Decision evidence

Public snapshot

Behavioral surface
  Source: Child Process, Crypto, Environment Vars, Filesystem, Network, Shell
  Supply chain: High Entropy Strings, Url Strings
  Manifest: No manifest risk signals triggered.

Scanned 7 file(s), 6.14 MB of source. External domains: 169.254.169.254, accounts.google.com, api.anthropic.com, api.minimax.io, api.openai.com, auth.openai.com, baro.rs, cloud.google.com, cloudresourcemanager.googleapis.com, docs.anthropic.com, docs.baro.rs, docs.expo.dev, example.com, fetch.spec.whatwg.org, generativelanguage.googleapis.com, github.com, help.openai.com, metadata.google.internal, oauth2.googleapis.com, platform.claude.com, registry.npmjs.org, www.googleapis.com, www.gstatic.com, www.ietf.org

Source & flagged code

10 flagged

package.json
scripts.postinstall = node scripts/postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

scripts.postinstall = node scripts/postinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

dist/run-intake.mjs
L16882: var executable_response_1 = require_executable_response();
L16883: var childProcess = __require("child_process");
L16884: var fs2 = __require("fs");
High
Child Process

Package source references child process execution.

dist/run-intake.mjs · L16882

L50: }
L51: this._originalTimeouts = JSON.parse(JSON.stringify(timeouts));
L52: this._timeouts = timeouts;
...
L443:
L444: // ../../node_modules/gaxios/package.json
L445: var require_package = __commonJS({
...
L762: return;
L763: } else if (obj instanceof FormData || obj instanceof URLSearchParams || // support `node-fetch` FormData/URLSearchParams
L764: "forEach" in obj && "set" in obj) {
...
L1368: if (!r2 && typeof process !== "undefined" && "env" in process) {
L1369: r2 = process.env.DEBUG;
L1370: }
High
Cloud Metadata Access

Source reaches cloud instance metadata or link-local credential endpoints.

dist/run-intake.mjs · L50

Cross-file remote execution chain: dist/run-intake.mjs spawns dist/runner.mjs; the helper contains network access plus dynamic code execution.
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

dist/run-intake.mjs · L50

dist/runner.mjs
L3816: }
L3817: var workspaceDir = process.env.WORKSPACE_DIR ?? process.cwd();
L3818: var baroBin = process.env.BARO_BIN ?? "baro";
...
L3823: const dir = mkdtempSync(join(tmpdir(), "baro-clone-"));
L3824: const url2 = token2 ? `https://x-access-token:${token2}@github.com/${fullName}.git` : `https://github.com/${fullName}.git`;
L3825: emit({ type: "story_log", agentId: "_git", data: { type: "story_log", id: "_git", line: `cloning ${fullName}\u2026` } });
L3826: const ch = spawn("git", ["clone", "--quiet", url2, dir], { stdio: "ignore" });
L3827: ch.on("close", (code) => code === 0 ? resolve(dir) : reject(new Error(`git clone exit ${code}`)));
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/runner.mjs · L3816

L51: kStatusCode: /* @__PURE__ */ Symbol("status-code"),
L52: kWebSocket: /* @__PURE__ */ Symbol("websocket"),
L53: NOOP: () => {
...
L104: } else {
L105: buf = Buffer.from(data);
L106: toBuffer.readOnly = false;
...
L116: };
L117: if (!process.env.WS_NO_BUFFER_UTIL) {
L118: try {
...
L168: *
L169: * @private
L170: */
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/runner.mjs · L51

dist/cli.mjs
L8922: }
L8923: if (opts.baseURL) {
L8924: opts.url = new URL(opts.url, opts.baseURL);
...
L16882: var executable_response_1 = require_executable_response();
L16883: var childProcess = __require("child_process");
L16884: var fs4 = __require("fs");
...
L40780: function loadPrd(path6) {
L40781: const raw = readFileSync(path6, "utf8");
L40782: const json = JSON.parse(raw);
High
Remote Agent Bridge

Source exposes local file and command tools to a remote model endpoint.

dist/cli.mjs · L8922

bin/baro.cmd
path = bin/baro.cmd
kind = build_helper
sizeBytes = 188
magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

scripts/postinstall.js
matchType = previous_version_dangerous_delta
matchedPackage = baro-ai@0.70.2
matchedIdentity = npm:YmFyby1haQ:0.70.2
similarity = 1.000
summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version.


Findings

1 Critical, 8 High, 5 Medium, 4 Low

Critical · Previous Version Dangerous Delta · scripts/postinstall.js
High · Install Time Lifecycle Scripts · package.json
High · Child Process · dist/run-intake.mjs
High · Shell
High · Same File Env Network Execution · dist/runner.mjs
High · Sandbox Evasion Gated Capability · dist/runner.mjs
High · Cloud Metadata Access · dist/run-intake.mjs
High · Remote Agent Bridge · dist/cli.mjs
High · Cross File Remote Execution Context · dist/run-intake.mjs
Medium · Ambiguous Install Lifecycle Script · package.json
Medium · Network
Medium · Environment Vars
Medium · Ships Build Helper · bin/baro.cmd
Medium · Structural Risk Force Deep Review
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings