registry  /  codehost  /  0.34.0

codehost@0.34.0

⚠ Under review

Run VS Code on any machine and reach it from **codehost.dev** over a direct peer-to-peer **WebRTC** connection — no public ingress, no reverse proxy, no port forwarding. The daemon behind your NAT and the browser tab connect directly; a tiny Cloudflare Wo

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 16 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNativeBindingsNetworkShellWebSocket
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 86 file(s), 479 KB of source, external domains: 127.0.0.1, codehost.dev, github.com, gitlab.com, registry.npmjs.org, update.code.visualstudio.com, www.github.com

Source & flagged code

7 flagged · loading source
src/provision/index.test.tsView file
1import { afterEach, describe, expect, test } from "bun:test"; L2: import { execFileSync } from "node:child_process"; L3: import { existsSync, mkdtempSync, readFileSync, rmSync, writeFileSync } from "node:fs";
High
Child Process

Package source references child process execution.

src/provision/index.test.tsView on unpkg · L1
src/terminal-ws.tsView file
4* Each session wraps a bun-pty shell process with a 1MB replay buffer. L5: * Sessions persist across WebSocket disconnects so reconnecting clients L6: * get the full output history. ... L22: const OSC7_MARKER = 0x1b; L23: const textDecoder = new TextDecoder(); L24: L25: function extractOsc7Cwd(data: Uint8Array): string | null { L26: if (!data.includes(OSC7_MARKER)) return null; ... L43: writeFileSync( L44: join(ZDOTDIR, ".zshrc"), L45: `[[ -f "$HOME/.zshrc" ]] && source "$HOME/.zshrc" ... L65: env: {
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

src/terminal-ws.tsView on unpkg · L4
src/cli/oxmgr-heal.tsView file
64console.log("[codehost] fetching oxmgr's native binary…"); L65: const r = spawnSync(process.execPath, [script], { cwd: install.root, stdio: "inherit" }); L66: return r.status === 0 && existsSync(install.vendorBin); ... L75: const base = L76: process.env.OXMGR_DIST_BASE || L77: `https://github.com/${install.slug}/releases/download/v${install.version}`; L78: const url = `${base}/${archive}`;
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

src/cli/oxmgr-heal.tsView on unpkg · L64
src/cli/vscode-install.tsView file
165L166: const res = await fetch(manifest.url); L167: if (!res.ok) throw new Error(`download HTTP ${res.status}`); L168: await Bun.write(tmpArchive, res); L169: ... L178: const tarArgs = isZip ? ["-xf", tmpArchive] : ["-xzf", tmpArchive]; L179: const tar = spawnSync("tar", [...tarArgs, "-C", extractDir], { encoding: "utf8" }); L180: if (tar.status !== 0) { L181: throw new Error(`failed to extract VS Code archive: ${tar.stderr ?? tar.error?.message ?? "tar error"}`); L182: }
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

src/cli/vscode-install.tsView on unpkg · L165
src/cli/open-url.tsView file
1import { spawn } from "node:child_process"; L2: L3: /** Public codehost page that brokers the WebRTC handshake. */ L4: export const PAGE_URL = "https://codehost.dev"; L5: ... L19: try { L20: if (process.platform === "win32") { L21: // `start` is a cmd builtin; the empty "" is the (ignored) window title so ... L42: console.log(`[codehost] connect: ${url}`); L43: if (process.stdout.isTTY) { L44: console.log("[codehost] opening your browser…");
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

src/cli/open-url.tsView on unpkg · L1
public/install.shView file
path = public/install.sh kind = build_helper sizeBytes = 2860 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

public/install.shView on unpkg
src/provision/index.tsView file
matchType = previous_version_dangerous_delta matchedPackage = codehost@0.25.0 matchedIdentity = npm:Y29kZWhvc3Q:0.25.0 similarity = 0.784 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

src/provision/index.tsView on unpkg

Findings

1 Critical5 High5 Medium5 Low
CriticalPrevious Version Dangerous Deltasrc/provision/index.ts
HighChild Processsrc/provision/index.test.ts
HighShell
HighSame File Env Network Executionsrc/cli/oxmgr-heal.ts
HighCommand Output Exfiltrationsrc/cli/vscode-install.ts
HighSandbox Evasion Gated Capabilitysrc/cli/open-url.ts
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencesrc/terminal-ws.ts
MediumShips Build Helperpublic/install.sh
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License