registry  /  impel-cli  /  0.11.0

impel-cli@0.11.0

Configure Claude Code and Codex CLI to talk to Impel's gateway, authenticated by an Impel Personal Access Token

Static Scan Results

scanned 1d ago · by rust-scanner

Static analysis completed at 93.0% confidence. No malicious behavior was detected; 11 low-signal pattern(s) were surfaced and cleared.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 35 file(s), 335 KB of source, external domains: apps.microsoft.com, claude.com, downloads.claude.ai, gateway.useimpel.ai, gateway.useimpel.com, persistent.oaistatic.com, registry.npmjs.org, www.apple.com, www.useimpel.com

Source & flagged code

4 flagged · loading source
src/updates.jsView file
11import path from "node:path"; L12: import { spawn } from "node:child_process"; L13: import { fileURLToPath } from "node:url";
High
Child Process

Package source references child process execution.

src/updates.jsView on unpkg · L11
11import path from "node:path"; L12: import { spawn } from "node:child_process"; L13: import { fileURLToPath } from "node:url"; ... L21: const DEFAULT_UPDATE_PACKAGE = "impel-cli"; L22: const DEFAULT_UPDATE_REGISTRY = "https://registry.npmjs.org"; L23: const VERSION_RE = /^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/u; ... L25: export function updatePackage() { L26: return process.env.IMPEL_UPDATE_PACKAGE || DEFAULT_UPDATE_PACKAGE; L27: }
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

src/updates.jsView on unpkg · L11
matchType = previous_version_dangerous_delta matchedPackage = impel-cli@0.7.2 matchedIdentity = npm:aW1wZWwtY2xp:0.7.2 similarity = 0.656 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

src/updates.jsView on unpkg
src/commands/update.jsView file
190if (io.platform === "win32") { L191: console.error(" Verify `npm --version` in PowerShell, then retry `impel update`."); L192: console.error(" Manual recovery: `npm install --global impel-cli@latest`.");
High
Shell

Package source references shell execution.

src/commands/update.jsView on unpkg · L190

Findings

4 High2 Medium5 Low
HighChild Processsrc/updates.js
HighShellsrc/commands/update.js
HighSame File Env Network Executionsrc/updates.js
HighPrevious Version Dangerous Deltasrc/updates.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License