registry  /  makecoder  /  4.1.27

makecoder@4.1.27

MakeCoder Coder: AI Agent Runtime OS that runs and orchestrates Claude Code, Codex, Gemini and more across CLI, API, Web and chat

AI Security Review

scanned 5d ago · by lpm-firewall-ai

No confirmed malicious attack surface by static inspection. The package is an AI agent runtime with broad user-invoked capabilities and an install hook, but inspected install-time behavior is setup-oriented and not covert exfiltration or persistence.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
npm install runs postinstall; runtime behavior requires invoking coder commands/server
Impact
Installs/links helper tools and can configure local agent integrations when explicitly used; no confirmed unconsented data theft or control-surface mutation.
Mechanism
user-invoked agent runtime orchestration and setup
Rationale
Static inspection found risky primitives, native binaries, and agent-control features, but they match the package's declared AI runtime purpose and are user-invoked except for setup-only postinstall. No hidden credential/env/file harvesting or malicious install/import-time behavior was confirmed.
Evidence
package.jsonscripts/postinstall.jsdist/coder.jsdist/zod/v4-mini/index.cjsdist/linux-arm64/rgdist/linux-x64/cc.js
Network endpoints6
api.makecoder.com/v1cdn.makecoder.com/cdnuploads/claude-app/Claude-darwin-universal-1.12603.1.dmgskills.sh/api/searchapi.github.com/repos/raw.githubusercontent.com/registry.npmmirror.com/makecoder/latest

Decision evidence

public snapshot
AI called this Clean at 78.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • package.json has postinstall hook scripts/postinstall.js
  • scripts/postinstall.js can run npm install bun@latest and platform bun package if bun is missing
  • scripts/postinstall.js may symlink/copy bundled rg/ugrep/bfs into global npm bin only for global installs
  • dist/coder.js contains runtime agent orchestration that writes Claude/Desktop, skill, and config files when user invokes commands/API
Evidence against
  • scripts/postinstall.js does not read or transmit credentials, env dumps, project files, or host fingerprints
  • dist/coder.js network endpoints are product-aligned: api.makecoder.com, cdn.makecoder.com, skills.sh, GitHub, npm registry update check
  • Credential use in dist/coder.js is for user auth/config and gateway setup, not hidden exfiltration
  • AI-agent prompt/config mutations are activated by coder commands or local server routes, not silently at install/import
  • Scanner dynamic require in dist/zod/v4-mini/index.cjs is normal bundled library boilerplate
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNativeBindingsNetworkShell
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 477 file(s), 13.8 MB of source, external domains: 127.0.0.1, ai.google.dev, aiplatform.googleapis.com, api.github.com, api.makecoder.com, api.telegram.org, asdf.c, asdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdf.com, base64.guru, bugs.chromium.org, bun.sh, cdn.makecoder.com, chromestatus.com, chromewebstore.google.com, chromium.googlesource.com, chromiumdash.appspot.com, code.claude.com, datatracker.ietf.org, developer.chrome.com, developer.mozilla.org, developers.google.com, docs.expo.dev, docs.stripe.com, dotenvx.com, elevenlabs.io, empty.invalid, example.com, example.net.il, example.org, examples.com, fb.me, fburl.com, fedidcg.github.io, feross.org, ffmpeg.org, flow.makecoder.com, geminicli.com, github.com, goo.gle, google.com, html.spec.whatwg.org, huggingface.co, imagemagick.org, jimeng.jianying.com, jimmy.warting.se, jqlang.github.io, json-schema.org, jsonplaceholder.typicode.com, makecoder.com, mirrors.cloud.tencent.com
Oversized source lightweight scan
dist/darwin-arm64/cc.js15.8 MB file, sampled 256 KB
FilesystemNetworkChildProcessEnvironmentVarsNativeBindingsCryptoHighEntropyStringsMinifiedUrlStringsaiplatform.googleapis.comcode.claude.comdocs.expo.devgithub.com
dist/darwin-x64/cc.js15.8 MB file, sampled 256 KB
FilesystemNetworkChildProcessEnvironmentVarsNativeBindingsCryptoHighEntropyStringsMinifiedUrlStringsaiplatform.googleapis.comcode.claude.comdocs.expo.devgithub.com
dist/gemini/bundled/chrome-devtools-mcp.mjs11.1 MB file, sampled 256 KB
FilesystemNetworkChildProcessEnvironmentVarsShellHighEntropyStringsUrlStringschromewebstore.google.comgithub.comnodejs.org
dist/gemini/bundled/third_party/index.js7.62 MB file, sampled 256 KB
FilesystemNetworkChildProcessCryptoShellHighEntropyStringsUrlStringsbugs.chromium.orgchromestatus.comchromium.googlesource.comchromiumdash.appspot.comdatatracker.ietf.orgdeveloper.chrome.comdeveloper.mozilla.orgdevelopers.google.comfedidcg.github.iogithub.comgoo.glehtml.spec.whatwg.orgprivacycg.github.ioprivacysandbox.comweb.devwicg.github.iowww.chromium.orgwww.ietf.orgwww.rfc-editor.orgxhr.spec.whatwg.org
dist/gemini/chunk-GYTCBA2A.js7.61 MB file, sampled 256 KB
FilesystemNetworkChildProcessEnvironmentVarsEvalCryptoHighEntropyStringsMinifiedUrlStringsfeross.orggithub.comhuggingface.cojimmy.warting.sewww.apache.org
dist/gemini/chunk-PE6GLDYB.js7.58 MB file, sampled 256 KB
FilesystemNetworkChildProcessEnvironmentVarsEvalCryptoHighEntropyStringsMinifiedUrlStringsfeross.orggithub.comhuggingface.cojimmy.warting.sewww.apache.org
dist/linux-arm64/cc.js15.8 MB file, sampled 256 KB
FilesystemNetworkChildProcessEnvironmentVarsNativeBindingsCryptoHighEntropyStringsMinifiedUrlStringsaiplatform.googleapis.comcode.claude.comdocs.expo.devgithub.com
dist/linux-x64/cc.js15.8 MB file, sampled 256 KB
FilesystemNetworkChildProcessEnvironmentVarsNativeBindingsCryptoHighEntropyStringsMinifiedUrlStringsaiplatform.googleapis.comcode.claude.comdocs.expo.devgithub.com
dist/win32-x64/cc.js15.8 MB file, sampled 256 KB
FilesystemNetworkChildProcessEnvironmentVarsNativeBindingsCryptoHighEntropyStringsMinifiedUrlStringsaiplatform.googleapis.comcode.claude.comdocs.expo.devgithub.com

Source & flagged code

25 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/postinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
dist/gemini/tree-sitter-bash-GW2AIDO2.jsView file
2patternName = aws_access_key severity = critical line = 2 matchedText = import{g...lt};
Critical
Critical Secret

Package contains a critical-looking secret pattern.

dist/gemini/tree-sitter-bash-GW2AIDO2.jsView on unpkg · L2
2patternName = aws_access_key severity = critical line = 2 matchedText = import{g...lt};
Critical
Secret Pattern

AWS access key ID in dist/gemini/tree-sitter-bash-GW2AIDO2.js

dist/gemini/tree-sitter-bash-GW2AIDO2.jsView on unpkg · L2
dist/coder.jsView file
1#!/usr/bin/env node L2: var Db=Object.create;var _d=Object.defineProperty;var Ob=Object.getOwnPropertyDescriptor;var Nb=Object.getOwnPropertyNames;var Rb=Object.getPrototypeOf,$b=Object.prototype.hasOwnPr... L3: `);return}typeof t=="string"?process.stdout.write(t+` ... L7: `),s&&process.stderr.write(`Hint: ${s} L8: `)}};Sd.exports={CoderContext:Yi,DEFAULT_BASE_URL:bd}});var ur=S((ZP,Td)=>{var{spawn:Fb}=require("child_process"),dr=require("path"),kd=require("fs"),Qi=class{constructor(t){this.c... L9: `);Id.exports={CODER_RUNTIME_PROMPT:qb}});var Ad=S((QP,xd)=>{var Gb=require("fs"),{CODER_RUNTIME_PROMPT:ta}=ea(),Bb=new Set(["agents","auth","auto-mode","config","doctor","install"... ... L12: L13: ${r}`),t}return[...t,"--append-system-prompt",ta]}xd.exports={withRuntimePrompt:Hb}});var Ld=S((eM,Cd)=>{var zb=ur(),{spawn:Xb,execFileSync:Kb}=require("child_process"),co=require(... L14: `))}_getBunPlatformPackage(){let t=process.platform,s=process.arch;return{"darwin-arm64":"@oven-sh/bun-darwin-aarch64","darwin-x64":"@oven-sh/bun-darwin-x64","linux-arm64":"@oven-s... ... L22: baseurl=${s||""} L23: `;return Ae.writeFileSync(`${l}.conf`,d,{mode:384}),process.env.CODER_DEBUG&&(console.lo
Critical
Credential Exfiltration

Source appears to send environment or credential material to an external endpoint.

dist/coder.jsView on unpkg · L1
1#!/usr/bin/env node L2: var Db=Object.create;var _d=Object.defineProperty;var Ob=Object.getOwnPropertyDescriptor;var Nb=Object.getOwnPropertyNames;var Rb=Object.getPrototypeOf,$b=Object.prototype.hasOwnPr... L3: `);return}typeof t=="string"?process.stdout.write(t+` ... L7: `),s&&process.stderr.write(`Hint: ${s} L8: `)}};Sd.exports={CoderContext:Yi,DEFAULT_BASE_URL:bd}});var ur=S((ZP,Td)=>{var{spawn:Fb}=require("child_process"),dr=require("path"),kd=require("fs"),Qi=class{constructor(t){this.c... L9: `);Id.exports={CODER_RUNTIME_PROMPT:qb}});var Ad=S((QP,xd)=>{var Gb=require("fs"),{CODER_RUNTIME_PROMPT:ta}=ea(),Bb=new Set(["agents","auth","auto-mode","config","doctor","install"...
Critical
Command Output Exfiltration

Source executes local commands and sends command output to an external endpoint.

dist/coder.jsView on unpkg · L1
7`),s&&process.stderr.write(`Hint: ${s} L8: `)}};Sd.exports={CoderContext:Yi,DEFAULT_BASE_URL:bd}});var ur=S((ZP,Td)=>{var{spawn:Fb}=require("child_process"),dr=require("path"),kd=require("fs"),Qi=class{constructor(t){this.c... L9: `);Id.exports={CODER_RUNTIME_PROMPT:qb}});var Ad=S((QP,xd)=>{var Gb=require("fs"),{CODER_RUNTIME_PROMPT:ta}=ea(),Bb=new Set(["agents","auth","auto-mode","config","doctor","install"...
High
Child Process

Package source references child process execution.

dist/coder.jsView on unpkg · L7
339`),t.push("**Use `--format json` for structured data.**\n"),t.push("The default brief includes the commands needed for the core agent loop. For everything else, run `coder flow --h... L340: `),hI.platform()==="win32"?t.push("On Windows, **always write the comment body to a UTF-8 file with your file-write tool first, then post it with `--content-file <path>`** \u2014 d... L341: `),t.push("The following code repositories are available in this workspace."),t.push("Use `coder flow repo checkout <url>` to check out a repository into your working directory. Ad...
High
Shell

Package source references shell execution.

dist/coder.jsView on unpkg · L339
1#!/usr/bin/env node L2: var Db=Object.create;var _d=Object.defineProperty;var Ob=Object.getOwnPropertyDescriptor;var Nb=Object.getOwnPropertyNames;var Rb=Object.getPrototypeOf,$b=Object.prototype.hasOwnPr... L3: `);return}typeof t=="string"?process.stdout.write(t+` ... L7: `),s&&process.stderr.write(`Hint: ${s} L8: `)}};Sd.exports={CoderContext:Yi,DEFAULT_BASE_URL:bd}});var ur=S((ZP,Td)=>{var{spawn:Fb}=require("child_process"),dr=require("path"),kd=require("fs"),Qi=class{constructor(t){this.c... L9: `);Id.exports={CODER_RUNTIME_PROMPT:qb}});var Ad=S((QP,xd)=>{var Gb=require("fs"),{CODER_RUNTIME_PROMPT:ta}=ea(),Bb=new Set(["agents","auth","auto-mode","config","doctor","install"...
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/coder.jsView on unpkg · L1
1#!/usr/bin/env node L2: var Db=Object.create;var _d=Object.defineProperty;var Ob=Object.getOwnPropertyDescriptor;var Nb=Object.getOwnPropertyNames;var Rb=Object.getPrototypeOf,$b=Object.prototype.hasOwnPr... L3: `);return}typeof t=="string"?process.stdout.write(t+` ... L7: `),s&&process.stderr.write(`Hint: ${s} L8: `)}};Sd.exports={CoderContext:Yi,DEFAULT_BASE_URL:bd}});var ur=S((ZP,Td)=>{var{spawn:Fb}=require("child_process"),dr=require("path"),kd=require("fs"),Qi=class{constructor(t){this.c... L9: `);Id.exports={CODER_RUNTIME_PROMPT:qb}});var Ad=S((QP,xd)=>{var Gb=require("fs"),{CODER_RUNTIME_PROMPT:ta}=ea(),Bb=new Set(["agents","auth","auto-mode","config","doctor","install"... ... L12: L13: ${r}`),t}return[...t,"--append-system-prompt",ta]}xd.exports={withRuntimePrompt:Hb}});var Ld=S((eM,Cd)=>{var zb=ur(),{spawn:Xb,execFileSync:Kb}=require("child_process"),co=require(... L14: `))}_getBunPlatformPackage(){let t=process.platform,s=process.arch;return{"darwin-arm64":"@oven-sh/bun-darwin-aarch64","darwin-x64":"@oven-sh/bun-darwin-x64","linux-arm64":"@oven-s... ... L22: baseurl=${s||""} L23: `;return Ae.writeFileSync(`${l}.conf`,d,{mode:384}),process.env.CODER_DEBUG&&(console.lo
High
Host Fingerprint Exfiltration

Source collects local host identity data and sends it to an external endpoint.

dist/coder.jsView on unpkg · L1
1#!/usr/bin/env node L2: var Db=Object.create;var _d=Object.defineProperty;var Ob=Object.getOwnPropertyDescriptor;var Nb=Object.getOwnPropertyNames;var Rb=Object.getPrototypeOf,$b=Object.prototype.hasOwnPr... L3: `);return}typeof t=="string"?process.stdout.write(t+` ... L7: `),s&&process.stderr.write(`Hint: ${s} L8: `)}};Sd.exports={CoderContext:Yi,DEFAULT_BASE_URL:bd}});var ur=S((ZP,Td)=>{var{spawn:Fb}=require("child_process"),dr=require("path"),kd=require("fs"),Qi=class{constructor(t){this.c... L9: `);Id.exports={CODER_RUNTIME_PROMPT:qb}});var Ad=S((QP,xd)=>{var Gb=require("fs"),{CODER_RUNTIME_PROMPT:ta}=ea(),Bb=new Set(["agents","auth","auto-mode","config","doctor","install"... ... L12: L13: ${r}`),t}return[...t,"--append-system-prompt",ta]}xd.exports={withRuntimePrompt:Hb}});var Ld=S((eM,Cd)=>{var zb=ur(),{spawn:Xb,execFileSync:Kb}=require("child_process"),co=require(... L14: `))}_getBunPlatformPackage(){let t=process.platform,s=process.arch;return{"darwin-arm64":"@oven-sh/bun-darwin-aarch64","darwin-x64":"@oven-sh/bun-darwin-x64","linux-arm64":"@oven-s... ... L22: baseurl=${s||""} L23: `;return Ae.writeFileSync(`${l}.conf`,d,{mode:384}),process.env.CODER_DEBUG&&(console.lo
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/coder.jsView on unpkg · L1
1#!/usr/bin/env node L2: var Db=Object.create;var _d=Object.defineProperty;var Ob=Object.getOwnPropertyDescriptor;var Nb=Object.getOwnPropertyNames;var Rb=Object.getPrototypeOf,$b=Object.prototype.hasOwnPr... L3: `);return}typeof t=="string"?process.stdout.write(t+` ... L7: `),s&&process.stderr.write(`Hint: ${s} L8: `)}};Sd.exports={CoderContext:Yi,DEFAULT_BASE_URL:bd}});var ur=S((ZP,Td)=>{var{spawn:Fb}=require("child_process"),dr=require("path"),kd=require("fs"),Qi=class{constructor(t){this.c... L9: `);Id.exports={CODER_RUNTIME_PROMPT:qb}});var Ad=S((QP,xd)=>{var Gb=require("fs"),{CODER_RUNTIME_PROMPT:ta}=ea(),Bb=new Set(["agents","auth","auto-mode","config","doctor","install"... ... L12: L13: ${r}`),t}return[...t,"--append-system-prompt",ta]}xd.exports={withRuntimePrompt:Hb}});var Ld=S((eM,Cd)=>{var zb=ur(),{spawn:Xb,execFileSync:Kb}=require("child_process"),co=require(... L14: `))}_getBunPlatformPackage(){let t=process.platform,s=process.arch;return{"darwin-arm64":"@oven-sh/bun-darwin-aarch64","darwin-x64":"@oven-sh/bun-darwin-x64","linux-arm64":"@oven-s... ... L22: baseurl=${s||""} L23: `;return Ae.writeFileSync(`${l}.conf`,d,{mode:384}),process.env.CODER_DEBUG&&(console.lo
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/coder.jsView on unpkg · L1
28patternName = generic_password severity = medium line = 28 matchedText = `)}}ou.e...in(`
Medium
Secret Pattern

Hardcoded password in dist/coder.js

dist/coder.jsView on unpkg · L28
1#!/usr/bin/env node L2: var Db=Object.create;var _d=Object.defineProperty;var Ob=Object.getOwnPropertyDescriptor;var Nb=Object.getOwnPropertyNames;var Rb=Object.getPrototypeOf,$b=Object.prototype.hasOwnPr... L3: `);return}typeof t=="string"?process.stdout.write(t+` ... L7: `),s&&process.stderr.write(`Hint: ${s} L8: `)}};Sd.exports={CoderContext:Yi,DEFAULT_BASE_URL:bd}});var ur=S((ZP,Td)=>{var{spawn:Fb}=require("child_process"),dr=require("path"),kd=require("fs"),Qi=class{constructor(t){this.c... L9: `);Id.exports={CODER_RUNTIME_PROMPT:qb}});var Ad=S((QP,xd)=>{var Gb=require("fs"),{CODER_RUNTIME_PROMPT:ta}=ea(),Bb=new Set(["agents","auth","auto-mode","config","doctor","install"... ... L12: L13: ${r}`),t}return[...t,"--append-system-prompt",ta]}xd.exports={withRuntimePrompt:Hb}});var Ld=S((eM,Cd)=>{var zb=ur(),{spawn:Xb,execFileSync:Kb}=require("child_process"),co=require(... L14: `))}_getBunPlatformPackage(){let t=process.platform,s=process.arch;return{"darwin-arm64":"@oven-sh/bun-darwin-aarch64","darwin-x64":"@oven-sh/bun-darwin-x64","linux-arm64":"@oven-s... ... L22: baseurl=${s||""} L23: `;return Ae.writeFileSync(`${l}.conf`,d,{mode:384}),process.env.CODER_DEBUG&&(console.lo
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/coder.jsView on unpkg · L1
dist/zod/v4-mini/index.cjsView file
16Object.defineProperty(exports, "__esModule", { value: true }); L17: __exportStar(require("../v4/mini/index.cjs"), exports);
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/zod/v4-mini/index.cjsView on unpkg · L16
dist/linux-arm64/rgView file
path = dist/linux-arm64/rg kind = native_binary sizeBytes = 4543848 magicHex = [redacted]
Medium
Ships Native Binary

Package ships native binary artifacts.

dist/linux-arm64/rgView on unpkg
dist/gemini/chunk-GYTCBA2A.jsView file
path = dist/gemini/chunk-GYTCBA2A.js kind = oversized_source_file sizeBytes = 7983738 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

dist/gemini/chunk-GYTCBA2A.jsView on unpkg
dist/gemini/bundled/chrome-devtools-mcp.mjsView file
path = dist/gemini/bundled/chrome-devtools-mcp.mjs kind = oversized_cli_entrypoint sizeBytes = 11625049 magicHex = [redacted]
Medium
Oversized Cli Entrypoint

Package contains an oversized executable-looking CLI entrypoint.

dist/gemini/bundled/chrome-devtools-mcp.mjsView on unpkg
dist/zod/src/v4/mini/tests/string.test.tsView file
289patternName = supabase_service_key severity = critical line = 289 matchedText = "eyJhbGc...w5c"
Critical
Secret Pattern

Supabase service role key (JWT) in dist/zod/src/v4/mini/tests/string.test.ts

dist/zod/src/v4/mini/tests/string.test.tsView on unpkg · L289
292patternName = supabase_service_key severity = critical line = 292 matchedText = "eyJhbGc...w5c"
Critical
Secret Pattern

Supabase service role key (JWT) in dist/zod/src/v4/mini/tests/string.test.ts

dist/zod/src/v4/mini/tests/string.test.tsView on unpkg · L292
dist/zod/src/v4/classic/tests/refine.test.tsView file
66patternName = generic_password severity = medium line = 66 matchedText = password...aa",
Medium
Secret Pattern

Hardcoded password in dist/zod/src/v4/classic/tests/refine.test.ts

dist/zod/src/v4/classic/tests/refine.test.tsView on unpkg · L66
93patternName = generic_password severity = medium line = 93 matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in dist/zod/src/v4/classic/tests/refine.test.ts

dist/zod/src/v4/classic/tests/refine.test.tsView on unpkg · L93
103patternName = generic_password severity = medium line = 103 matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in dist/zod/src/v4/classic/tests/refine.test.ts

dist/zod/src/v4/classic/tests/refine.test.tsView on unpkg · L103
dist/zod/src/v3/tests/refine.test.tsView file
40patternName = generic_password severity = medium line = 40 matchedText = password...aa",
Medium
Secret Pattern

Hardcoded password in dist/zod/src/v3/tests/refine.test.ts

dist/zod/src/v3/tests/refine.test.tsView on unpkg · L40
74patternName = generic_password severity = medium line = 74 matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in dist/zod/src/v3/tests/refine.test.ts

dist/zod/src/v3/tests/refine.test.tsView on unpkg · L74

Findings

6 Critical8 High14 Medium6 Low
CriticalCritical Secretdist/gemini/tree-sitter-bash-GW2AIDO2.js
CriticalCredential Exfiltrationdist/coder.js
CriticalCommand Output Exfiltrationdist/coder.js
CriticalSecret Patterndist/zod/src/v4/mini/tests/string.test.ts
CriticalSecret Patterndist/zod/src/v4/mini/tests/string.test.ts
CriticalSecret Patterndist/gemini/tree-sitter-bash-GW2AIDO2.js
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processdist/coder.js
HighShelldist/coder.js
HighSame File Env Network Executiondist/coder.js
HighHost Fingerprint Exfiltrationdist/coder.js
HighSandbox Evasion Gated Capabilitydist/coder.js
HighObfuscated
HighOversized Source Filedist/gemini/chunk-GYTCBA2A.js
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumDynamic Requiredist/zod/v4-mini/index.cjs
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/coder.js
MediumShips Native Binarydist/linux-arm64/rg
MediumOversized Cli Entrypointdist/gemini/bundled/chrome-devtools-mcp.mjs
MediumStructural Risk Force Deep Review
MediumSecret Patterndist/zod/src/v4/classic/tests/refine.test.ts
MediumSecret Patterndist/zod/src/v4/classic/tests/refine.test.ts
MediumSecret Patterndist/zod/src/v4/classic/tests/refine.test.ts
MediumSecret Patterndist/zod/src/v3/tests/refine.test.ts
MediumSecret Patterndist/zod/src/v3/tests/refine.test.ts
MediumSecret Patterndist/coder.js
LowScripts Present
LowEval
LowWeak Cryptodist/coder.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings