eve@0.20.0

⚠ Under review

Filesystem-first framework for durable backend AI agents that run anywhere.

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 25 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy; the diff against the previous stored version introduced dangerous source.

Decision evidence (public snapshot)

Behavioral surface
Source: Child Process, Crypto, Dynamic Require, Environment Vars, Eval, Filesystem, Native Bindings, Network, Shell
Supply chain: High Entropy Strings, Minified, Obfuscated, Protestware, Url Strings
Manifest: no manifest risk signals triggered.

Scanned 893 file(s), 7.41 MB of source. External domains referenced: 127.0.0.1, adaptivecards.io, ai-gateway.vercel.sh, ai.google.dev, api.anthropic.com, api.botframework.com, api.example.com, api.github.com, api.linear.app, api.notion.com, api.openai.com, api.telegram.org, api.twilio.com, api.vercel.com, developers.notion.com, discord.com, docs.cloud.google.com, docs.slack.dev, eve.dev, example.com, foo.com, generativelanguage.googleapis.com, github.com, google.aip.dev, json-schema.org, json.schemastore.org, login.botframework.com, login.microsoftonline.com, mcp.datadoghq.com, mcp.example.com, mcp.honeycomb.io, mcp.linear.app, mcp.notion.com, nextjs.org, oidc.vercel.com, openapi.vercel.sh, slack.com, ui.shadcn.com, vercel-workflow.com, vercel.com, workflow-sdk.dev, workflow.invalid, www.w3.org

Source & flagged code

15 flagged · each file is viewable on unpkg at the line given
dist/src/compiled/experimental-ai-sdk-code-mode/index.js · L4
Critical · Critical Secret
Package contains a critical-looking secret pattern. The matchedText shown is elided, so the report alone does not say whether a well-formed 20-character key ID is present on that line; confirm against the file before treating it as a leaked credential.
Evidence: patternName = aws_access_key severity = critical line = 4 matchedText = }`)?t:r....E=";

dist/src/compiled/experimental-ai-sdk-code-mode/index.js · L4
Critical · Secret Pattern
AWS access key ID in dist/src/compiled/experimental-ai-sdk-code-mode/index.js (the same match as the Critical Secret finding above).
Evidence: patternName = aws_access_key severity = critical line = 4 matchedText = }`)?t:r....E=";

bin/eve.js · L2
High · Child Process
Package source references child process execution.
Evidence: L3: import { spawn } from "node:child_process"; L4: import { access, readdir, realpath, stat } from "node:fs/promises";

bin/eve.js · L2
High · Cross File Remote Execution Context
Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking. The helper named is dist/src/compiled/experimental-ai-sdk-code-mode/index.js, the same file that carries the two secret-pattern findings above.
Evidence: Cross-file remote execution chain: bin/eve.js spawns dist/src/compiled/experimental-ai-sdk-code-mode/index.js; helper contains network access plus dynamic code execution. L2: L3: import { spawn } from "node:child_process"; L4: import { access, readdir, realpath, stat } from "node:fs/promises"; ... L9: const require = createRequire(import.meta.url); L10: const packageJson = require("../package.json"); L11: const packageNodeEngine = packageJson.engines?.node; ... L350: } L351: process.exitCode = 1; L352: } finally {

bin/eve.js · L8
Medium · Dynamic Require
Package source references dynamic require/import behavior. The excerpt shows createRequire used to load the package's own package.json from a fixed relative path.
Evidence: L9: const require = createRequire(import.meta.url); L10: const packageJson = require("../package.json");

dist/src/compiled/gray-matter/index.js · L44
Critical · Trojan Source Unicode
Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks. The character reported is a single U+FEFF (zero width no-break space) and the excerpt ends in require_strip_bom_; check first whether it is string data in a BOM-stripping helper, which does not alter how code renders, rather than a bidi control character, which does.
Evidence: contains invisible/control Unicode U+FEFF (zero width no-break space) }());`),eval(str)||{}}catch(e){if(wrap!==!1&&/(unexpected|identifier)/i.test(e.message))return parse(str,options,!1);throw SyntaxError(e)}},stringify:function(){throw Error(`stringifying JavaScript is not supported`)}}})),require_strip_bom_

dist/src/compiled/gray-matter/index.js · L43
Low · Eval
Package source references a known benign dynamic code generation pattern. The excerpt applies eval(str) to front-matter text, with one retry on "unexpected"/"identifier" syntax errors; whether untrusted documents can reach this path depends on which front-matter engines eve exposes.
Evidence: L43: return `+str.trim()+`; L44: }());`),eval(str)||{}}catch(e){if(wrap!==!1&&/(unexpected|identifier)/i.test(e.message))return parse(str,options,!1);throw SyntaxError(e)}},stringify:function(){throw Error(`string... L45: `?e:e+`

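The Trojan Source finding on gray-matter reports one U+FEFF next to what the excerpt shows as a strip-bom module. A zero-width no-break space inside a string literal is what a BOM-stripping routine contains, whereas the characters that make Trojan Source attacks work are the bidi embedding, override and isolate controls (U+202A to U+202E, U+2066 to U+2069). The check below is added here and is not code from eve, gray-matter or the scanner: it walks a file, reports every invisible or bidi code point with line, column and rendered context, and flags lines on which a directional run is opened but never closed, which is the shape of the comment-hiding trick. The sample input is constructed; its second line is modelled on the published Trojan Source comment-hiding example.

```javascript
// Added check (not part of eve, gray-matter or the scanner): locate invisible
// and bidirectional-control code points in source text and separate the
// ones that can reorder displayed code from the merely invisible ones.

const BIDI_CONTROLS = new Map([
  [0x202a, 'LEFT-TO-RIGHT EMBEDDING'], [0x202b, 'RIGHT-TO-LEFT EMBEDDING'],
  [0x202c, 'POP DIRECTIONAL FORMATTING'], [0x202d, 'LEFT-TO-RIGHT OVERRIDE'],
  [0x202e, 'RIGHT-TO-LEFT OVERRIDE'], [0x2066, 'LEFT-TO-RIGHT ISOLATE'],
  [0x2067, 'RIGHT-TO-LEFT ISOLATE'], [0x2068, 'FIRST STRONG ISOLATE'],
  [0x2069, 'POP DIRECTIONAL ISOLATE'],
]);
const INVISIBLES = new Map([
  [0xfeff, 'ZERO WIDTH NO-BREAK SPACE (BOM)'], [0x200b, 'ZERO WIDTH SPACE'],
  [0x200c, 'ZERO WIDTH NON-JOINER'], [0x200d, 'ZERO WIDTH JOINER'],
  [0x200e, 'LEFT-TO-RIGHT MARK'], [0x200f, 'RIGHT-TO-LEFT MARK'],
  [0x2060, 'WORD JOINER'], [0x00ad, 'SOFT HYPHEN'],
]);
// Controls that open a directional run; U+202C and U+2069 close them.
const OPENERS = new Set([0x202a, 0x202b, 0x202d, 0x202e, 0x2066, 0x2067, 0x2068]);

const hex = (cp) => 'U+' + cp.toString(16).toUpperCase().padStart(4, '0');

// Replace every tracked code point in `s` with a visible <U+XXXX> marker.
function render(s) {
  let out = '';
  for (const ch of s) {
    const cp = ch.codePointAt(0);
    out += BIDI_CONTROLS.has(cp) || INVISIBLES.has(cp) ? `<${hex(cp)}>` : ch;
  }
  return out;
}

// One record per invisible/bidi code point: position, name, class and a
// short rendered context so the reviewer can see what surrounds it.
function scanInvisible(source) {
  const hits = [];
  let line = 1, col = 1, index = 0;
  for (const ch of source) {
    const cp = ch.codePointAt(0);
    const kind = BIDI_CONTROLS.has(cp) ? 'bidi' : INVISIBLES.has(cp) ? 'invisible' : null;
    if (kind) {
      hits.push({
        line, col, cp, kind,
        codepoint: hex(cp),
        name: kind === 'bidi' ? BIDI_CONTROLS.get(cp) : INVISIBLES.get(cp),
        atFileStart: index === 0, // a leading BOM is only an encoding mark
        context: render(source.slice(Math.max(0, index - 16), index + 17)),
      });
    }
    index += ch.length;
    if (ch === '\n') { line += 1; col = 1; } else { col += 1; }
  }
  return hits;
}

// Per-line nesting of directional controls (embeddings and isolates are
// counted together, which is enough for triage): a line that opens a run it
// never closes is the shape of the Trojan Source comment-hiding trick.
function summarize(hits) {
  const depth = new Map();
  for (const h of hits) {
    if (h.kind !== 'bidi') continue;
    depth.set(h.line, (depth.get(h.line) ?? 0) + (OPENERS.has(h.cp) ? 1 : -1));
  }
  const bidi = hits.filter((h) => h.kind === 'bidi').length;
  const invisible = hits.length - bidi;
  return {
    verdict: bidi > 0 ? 'bidi-control-present' : invisible > 0 ? 'invisible-only' : 'clean',
    bidi,
    invisible,
    unterminatedLines: [...depth].filter(([, d]) => d > 0).map(([l]) => l),
  };
}

// Constructed sample: line 1 carries a BOM as string data (what a strip-bom
// helper contains); line 2 is modelled on the published Trojan Source
// comment-hiding example, with an override and an isolate left open.
const SAMPLE = [
  'const bom = "\uFEFF";',
  'if (access_level != "user\u202E \u2066// check if admin\u2069 \u2066") {',
].join('\n');

for (const h of scanInvisible(SAMPLE)) {
  console.log(`${h.line}:${h.col} ${h.codepoint} ${h.kind} ${h.name}  ${h.context}`);
}
console.log(summarize(scanInvisible(SAMPLE)));
```

Run it over the flagged bundle: a verdict of invisible-only with the single U+FEFF shown inside quotes is a different review outcome from bidi-control-present with an unterminated line, and the rendered context shows which of the two the line 44 hit is.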
dist/src/compiled/@workflow/core/runtime.js · L1
High · Command Output Exfiltration
Source combines command execution, command-output handling, and outbound requests; review data flow before blocking. The command-output handling visible in the excerpt parses listening-port tables (socket state "0A", rows containing LISTEN, Windows "TCP" rows) into a list of port numbers; the outbound-request side is not in the excerpt, so the review is of where that list goes.
Evidence: L1: import{a as e,i as t,t as n}from"../../_chunks/workflow/chunk-BHKSVoKr.js";import{a as r,d as i,f as a,l as o,n as s,r as c,t as l,u}from"../../_chunks/workflow/dist-FLIfyJ4Y.js";i... L2: `).slice(1);for(let e of t){if(!e.trim())continue;let t=e.trim().split(/\s+/);if(t.length<10)continue;let n=t[1],i=t[3],o=t[9];if(!n||i!==`0A`||!o||!r.has(o))continue;let s=n.index... L3: `);for(let e of r)if(e.includes(`LISTEN`)){let t=e.trim().split(/\s+/)[8];if(t){let e=t.lastIndexOf(`:`);if(e!==-1){let r=Nr(t.slice(e+1));r!==void 0&&n.push(r)}}}return n}catch{re... L4: `);for(let t of e){let e=t.trim().match(/^\s*TCP\s+(?:\[[\da-f:]+\]|[\d.]+):(\d+)\s+/i);if(e){let t=Nr(e[1]);t!==void 0&&n.push(t)}}}return n}catch{return[]}}async function Rr(){le... L5: `)||e.includes(`\r`)||e.includes(`\0`))===!1}function j(e){let t=(e.headersList.get(`referrer-policy`,!0)??``).split(`,`),n=``;if(t.length)for(let e=t.length;e!==0;e--){let r=t[e-1...

dist/src/compiled/@workflow/core/runtime.js · L1
High · Obfuscated Payload Loader
Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code. The excerpt reproduced for this finding is the same port-table and HTTP code shown for the finding above and does not itself contain a string-array loader; confirm the pattern against the full file.
Evidence: L1: import{a as e,i as t,t as n}from"../../_chunks/workflow/chunk-BHKSVoKr.js";import{a as r,d as i,f as a,l as o,n as s,r as c,t as l,u}from"../../_chunks/workflow/dist-FLIfyJ4Y.js";i... L2: `).slice(1);for(let e of t){if(!e.trim())continue;let t=e.trim().split(/\s+/);if(t.length<10)continue;let n=t[1],i=t[3],o=t[9];if(!n||i!==`0A`||!o||!r.has(o))continue;let s=n.index... L3: `);for(let e of r)if(e.includes(`LISTEN`)){let t=e.trim().split(/\s+/)[8];if(t){let e=t.lastIndexOf(`:`);if(e!==-1){let r=Nr(t.slice(e+1));r!==void 0&&n.push(r)}}}return n}catch{re... L4: `);for(let t of e){let e=t.trim().match(/^\s*TCP\s+(?:\[[\da-f:]+\]|[\d.]+):(\d+)\s+/i);if(e){let t=Nr(e[1]);t!==void 0&&n.push(t)}}}return n}catch{return[]}}async function Rr(){le... L5: `)||e.includes(`\r`)||e.includes(`\0`))===!1}function j(e){let t=(e.headersList.get(`referrer-policy`,!0)??``).split(`,`),n=``;if(t.length)for(let e=t.length;e!==0;e--){let r=t[e-1... ... L12: \r L13: `,`latin1`),t!==null&&r!==t){if(n[ne])throw new s;process.emitWarning(new s)}e[b].timeout&&e[b].timeoutType===3&&e[b].timeout.refresh&&e[b].timeout.refresh(),n[oe]()}}destroy(e){le... L14: PRAGMA journal_mode = WAL; ... L97: `).slice(1).join(`

dist/src/compiled/@workflow/core/runtime.js · L1
Medium · Unsafe Vm Context
Package source executes code through a VM context API. The vm call is not in the excerpt shown; confirm it in the full file.
Evidence: L1: import{a as e,i as t,t as n}from"../../_chunks/workflow/chunk-BHKSVoKr.js";import{a as r,d as i,f as a,l as o,n as s,r as c,t as l,u}from"../../_chunks/workflow/dist-FLIfyJ4Y.js";i... L2: `).slice(1);for(let e of t){if(!e.trim())continue;let t=e.trim().split(/\s+/);if(t.length<10)continue;let n=t[1],i=t[3],o=t[9];if(!n||i!==`0A`||!o||!r.has(o))continue;let s=n.index... L3: `);for(let e of r)if(e.includes(`LISTEN`)){let t=e.trim().split(/\s+/)[8];if(t){let e=t.lastIndexOf(`:`);if(e!==-1){let r=Nr(t.slice(e+1));r!==void 0&&n.push(r)}}}return n}catch{re... L4: `);for(let t of e){let e=t.trim().match(/^\s*TCP\s+(?:\[[\da-f:]+\]|[\d.]+):(\d+)\s+/i);if(e){let t=Nr(e[1]);t!==void 0&&n.push(t)}}}return n}catch{return[]}}async function Rr(){le... L5: `)||e.includes(`\r`)||e.includes(`\0`))===!1}function j(e){let t=(e.headersList.get(`referrer-policy`,!0)??``).split(`,`),n=``;if(t.length)for(let e=t.length;e!==0;e--){let r=t[e-1... ... L12: \r L13: `,`latin1`),t!==null&&r!==t){if(n[ne])throw new s;process.emitWarning(new s)}e[b].timeout&&e[b].timeoutType===3&&e[b].timeout.refresh&&e[b].timeout.refresh(),n[oe]()}}destroy(e){le... L14: PRAGMA journal_mode = WAL; ... L97: `).slice(1).join(`

dist/src/internal/authored-module-loader.js · L1
Low · Weak Crypto
Package source references weak cryptographic algorithms. The excerpt does not show which algorithm matched; a digest used only for cache keys or content addressing is not a cryptographic weakness, so check what the algorithm protects.
Evidence: L1: import{createRequire}from"node:module";import{expectObjectRecord}from"#internal/authored-module.js";import{existsSync,mkdirSync,realpathSync,statSync,writeFileSync}from"node:fs";im... L2: `),moduleType:`js`}}}:null,[redacted]({extensions:RESOLVE_EXTENSIONS}),createAuthoredAssetImportPlugin(),[redacted]...

dist/src/internal/nitro/host/start-production-server.js · L1
High · Same File Env Network Execution
A single source file combines environment access, network access, and code or shell execution; review context before blocking. The excerpt is consistent with a server launcher (health route import, spawn, SIGTERM followed by a 20 s exit timeout); the review question is whether anything read from the environment or from the network reaches the spawned command line.
Evidence: L1: import{EVE_HEALTH_ROUTE_PATH}from"#protocol/routes.js";import{existsSync}from"node:fs";import{join,resolve}from"node:path";import{spawn}from"node:child_process";import{loadDevelopm... L2: `))}async function terminate(e){e.exitCode!==null||e.killed||(e.kill(`SIGTERM`),await Promise.race([once(e,`exit`),setTimeout(2e4).then(()=>`timeout`)])===`timeout`&&e.exitCode===n...

dist/src/compiled/@vercel/sandbox/index.js · L1
High · Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks. The excerpt shows multipart body construction and a fetch wrapper, not the gating condition the finding names; locate that condition in the full file before acting on the finding.
Evidence: L1: import{c as e,n as t,o as n,r,t as i}from"../../_chunks/node/dist-BdTs18CF.js";import{n as a,t as o}from"../../_chunks/node/retry-DkR2H1Y0.js";import{a as s,c,d as l,f as u,i as d,... L2: `)||e.includes(`\r`)||e.includes(`\0`))===!1}function j(e){let t=(e.headersList.get(`referrer-policy`,!0)??``).split(`,`),n=``;if(t.length)for(let e=t.length;e!==0;e--){let r=t[e-1... ... L4: `),a=[],o=new Uint8Array([13,10]);l=0;let u=!1;for(let[t,s]of e)if(typeof s==`string`){let e=S.encode(n+`; name="${r(i(t))}"\r\n\r\n${i(s)}\r\n`);a.push(e),l+=e.byteLength}else{let... L5: Content-Type: ${s.type||`application/octet-stream`}\r\n\r\n`);a.push(e,s,o),typeof s.size==`number`?l+=e.byteLength+s.size+o.byteLength:u=!0}let d=S.encode(`--${t}--\r\n`);a.push(d... L6: `:C+=`connection: close\r ... L9: \r L10: `,`latin1`),t!==null&&r!==t){if(n[W])throw new s;process.emitWarning(new s)}e[b].timeout&&e[b].timeoutType===3&&e[b].timeout.refresh&&e[b].timeout.refresh(),n[se]()}}destroy(e){let... L11: PRAGMA journal_mode = WAL; ... L94: `).slice(1).join(` L95: `);e.stack=n?`${n}\n${a}`:i.stack}t.exports.fetch=function(e,n=void 0){return M(e,n).catch(e=>{throw N?P(e,N):e&&typeof e==`object`&&Error.captureSta

dist/src/runtime/connections/mcp-client.js
Critical · Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review. An MCP client is expected to open outbound connections (the domain list above includes several mcp.* hosts); the review is of what this new file does with them relative to eve@0.19.0.
Evidence: matchType = previous_version_dangerous_delta matchedPackage = eve@0.19.0 matchedIdentity = npm:ZXZl:0.19.0 similarity = 0.950 summary = stored previous version shares package body but lacks this dangerous source file

dist/src/compiled/jose/index.js · L2
Critical · Secret Pattern
RSA private key in dist/src/compiled/jose/index.js. The excerpt is a template literal that emits PEM delimiter lines, which is what key-format conversion code looks like; confirm that no base64 key body follows the header before treating this as a leaked key.
Evidence: patternName = private_key_rsa severity = critical line = 2 matchedText = `)}\n---...fy};
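Both secret-pattern hits on this page sit in vendored, minified bundles: the aws_access_key match on experimental-ai-sdk-code-mode/index.js is shown only as an elided fragment of a long line, and the private_key_rsa match on jose/index.js is a template literal that assembles PEM delimiter lines. Neither is settled by the report alone. The helper below is added here and is not code from eve, jose, the ai-sdk bundle or the scanner; it is the check a reviewer would run over the two flagged files: it reports whether a line holds a syntactically complete AWS access key ID, and whether a PEM header is followed by a base64 body and matching footer or is only a format string. The inputs are constructed; the key ID is the example value from AWS documentation, not a live credential.

```javascript
// Added triage helper; not code from eve, jose, the ai-sdk bundle or the
// scanner. Run over a flagged file to decide whether a secret-pattern hit
// is a credential or a format constant. Samples at the bottom are constructed.

// An AWS access key ID is 20 characters: a four-letter prefix and 16 of
// [0-9A-Z]. The \b anchors stop a 20-character run inside a longer base64
// or identifier token from matching.
const AWS_KEY_ID = /\b(?:AKIA|ASIA)[0-9A-Z]{16}\b/g;
const PEM_HEADER = /-----BEGIN (?:RSA |EC |OPENSSH |ENCRYPTED |)PRIVATE KEY-----/g;
const PEM_FOOTER = /-----END (?:RSA |EC |OPENSSH |ENCRYPTED |)PRIVATE KEY-----/;
const MINIFIED_LINE = 1000; // longer lines are treated as bundled/minified output

function lineOf(text, index) {
  return text.slice(0, index).split('\n').length;
}

function lineLengthAt(text, index) {
  const start = text.lastIndexOf('\n', index - 1) + 1;
  const end = text.indexOf('\n', index);
  return (end === -1 ? text.length : end) - start;
}

// Every syntactically complete AWS access key ID in `text`. A hit on a
// minified line is still a hit, but should be re-checked in the unminified
// upstream module before it is called a leak.
function awsKeyHits(text) {
  const hits = [];
  for (const m of text.matchAll(AWS_KEY_ID)) {
    hits.push({
      pattern: 'aws_access_key',
      value: m[0],
      line: lineOf(text, m.index),
      minified: lineLengthAt(text, m.index) > MINIFIED_LINE,
    });
  }
  return hits;
}

// For each PEM private-key header: a real key (base64 body and matching
// footer), a format string (header and footer around a non-base64 body such
// as a template expression), or a bare header with no footer at all.
function classifyPrivateKeyHits(text) {
  const results = [];
  for (const m of text.matchAll(PEM_HEADER)) {
    const rest = text.slice(m.index + m[0].length);
    const footerAt = rest.search(PEM_FOOTER);
    let verdict = 'header-without-footer';
    if (footerAt !== -1) {
      const body = rest.slice(0, footerAt).replace(/\s+/g, '');
      const looksBase64 = body.length >= 64 && /^[A-Za-z0-9+/]+=*$/.test(body);
      verdict = looksBase64 ? 'complete-pem-block' : 'header-with-placeholder-body';
    }
    results.push({
      pattern: 'private_key_rsa',
      line: lineOf(text, m.index),
      verdict,
      minified: lineLengthAt(text, m.index) > MINIFIED_LINE,
    });
  }
  return results;
}

// Everything a reviewer needs for one file, in one list.
function triage(text) {
  return [...awsKeyHits(text), ...classifyPrivateKeyHits(text)];
}

// Constructed samples. The key ID is the example value from AWS's own
// documentation, not a live credential.
const SAMPLE_AWS_LINE = 'aws_access_key_id = AKIAIOSFODNN7EXAMPLE\n';
const SAMPLE_MINIFIED_FRAGMENT = 'var t=e=>(e&&`${e}`)?t:r.E=";';
const SAMPLE_PEM_TEMPLATE =
  'const pem = `-----BEGIN PRIVATE KEY-----\n${body}\n-----END PRIVATE KEY-----`;';
const SAMPLE_PEM_BLOCK =
  '-----BEGIN RSA PRIVATE KEY-----\n' + 'QUJD'.repeat(24) + '\n-----END RSA PRIVATE KEY-----\n';

for (const sample of [SAMPLE_AWS_LINE, SAMPLE_MINIFIED_FRAGMENT, SAMPLE_PEM_TEMPLATE, SAMPLE_PEM_BLOCK]) {
  console.log(triage(sample));
}
```

A header-with-placeholder-body verdict on the jose line, or an empty awsKeyHits result on the ai-sdk line, is the evidence to attach when downgrading the finding; a complete-pem-block or a well-formed key ID is the evidence for escalating it.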

Findings

5 Critical · 7 High · 6 Medium · 7 Low

Severity · Finding · File
Critical · Critical Secret · dist/src/compiled/experimental-ai-sdk-code-mode/index.js
Critical · Trojan Source Unicode · dist/src/compiled/gray-matter/index.js
Critical · Previous Version Dangerous Delta · dist/src/runtime/connections/mcp-client.js
Critical · Secret Pattern · dist/src/compiled/experimental-ai-sdk-code-mode/index.js
Critical · Secret Pattern · dist/src/compiled/jose/index.js
High · Child Process · bin/eve.js
High · Shell · (no file attributed)
High · Same File Env Network Execution · dist/src/internal/nitro/host/start-production-server.js
High · Command Output Exfiltration · dist/src/compiled/@workflow/core/runtime.js
High · Sandbox Evasion Gated Capability · dist/src/compiled/@vercel/sandbox/index.js
High · Obfuscated Payload Loader · dist/src/compiled/@workflow/core/runtime.js
High · Cross File Remote Execution Context · bin/eve.js
Medium · Dynamic Require · bin/eve.js
Medium · Unsafe Vm Context · dist/src/compiled/@workflow/core/runtime.js
Medium · Network · (no file attributed)
Medium · Environment Vars · (no file attributed)
Medium · Protestware · (no file attributed)
Medium · Structural Risk Force Deep Review · (no file attributed)
Low · Scripts Present · (no file attributed)
Low · Eval · dist/src/compiled/gray-matter/index.js
Low · Weak Crypto · dist/src/internal/authored-module-loader.js
Low · Filesystem · (no file attributed)
Low · Obfuscated · (no file attributed)
Low · High Entropy Strings · (no file attributed)
Low · Url Strings · (no file attributed)