
prjct-cli@3.12.2

⚠ Under review

Project memory and workflow context for AI coding agents.

Static Scan Results

scanned 2d ago · by rust-scanner

Static analysis flagged 19 findings at 93.0% confidence. This version is warn-only (the findings are advisory) unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected; the diff against the previously stored version introduced dangerous source.

Decision evidence

public snapshot
Behavioral surface
Source
Child Process · Crypto · Environment Vars · Eval · Filesystem · Network · Shell
Supply chain
High Entropy Strings · Url Strings
Manifest
Wildcard Dependency
scanned 7 files, 3.10 MB of source. Referenced hosts (127.0.0.1 is loopback, not an external domain): 127.0.0.1, ai.google.dev, api.openai.com, api.voyageai.com, bun.sh, cli-api.prjct.app, cli.github.com, cli.prjct.app, cursor.com, docs.anthropic.com, docs.windsurf.com, gemini.google.com, geminicli.com, git-scm.com, github.com, keepachangelog.com, mcp.atlassian.com, mcp.linear.app, nodejs.org, openai.com, openrouter.ai, prjct.app, raw.githubusercontent.com, registry.npmjs.org, semver.org, windsurf.com, www.anthropic.com, www.prjct.app

Source & flagged code

10 flagged
bin/prjct.cjs
matchType = previous_version_dangerous_delta matchedPackage = prjct-cli@3.14.0 matchedIdentity = npm:cHJqY3QtY2xp:3.14.0 similarity = 0.429 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version. Caveat: the stored comparison target is prjct-cli@3.14.0 (similarity 0.429), which is a later release than 3.12.2, so this "delta" is measured against a newer version rather than a predecessor; the flagged file (bin/prjct.cjs) may have been removed or relocated in 3.14.0 rather than introduced here. Confirm against the actual release history before treating this as injected code.

bin/prjct.cjs
10L11: const childProcess = require('node:child_process') L12: const fs = require('node:fs')
High
Child Process

Package source references child process execution. The flagged lines are the `node:child_process` and `node:fs` imports; the visible `executableCandidates` helper builds Windows PATHEXT candidates, which is consistent with a CLI launcher resolving an executable. No spawn/exec call site is shown in this excerpt, so check where `childProcess` is actually invoked and whether its arguments come from untrusted input.

bin/prjct.cjs · L10
10L11: const childProcess = require('node:child_process') L12: const fs = require('node:fs') ... L18: const ROOT_DIR = path.resolve(SCRIPT_DIR, '..') L19: const HOME = process.env.HOME || process.env.USERPROFILE || os.homedir() L20: const CLI_HOME = process.env.PRJCT_CLI_HOME ... L29: function executableCandidates(command) { L30: if (process.platform !== 'win32') return [command] L31: const pathext = (process.env.PATHEXT || '.COM;.EXE;.BAT;.CMD') ... L122: try { L123: return JSON.parse(fs.readFileSync(path.join(ROOT_DIR, 'package.json'), 'utf-8')).version || '' L124: } catch {
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks. The only gate visible in the flagged excerpt is `process.platform !== 'win32'` inside `executableCandidates`, which selects Windows executable extensions (PATHEXT) — a routine cross-platform idiom rather than sandbox evasion. Verify whether any network or credential-handling code is actually behind a platform, CI, or time check before weighting this finding.

bin/prjct.cjs · L10
dist/bin/prjct-hooks.mjs
10`).map(o=>o.replace(/^\s*-\s*['"]?|['"]?\s*$/g,"")).filter(Boolean))}else if(e==="npm"||e==="lerna"){let s=Je.join(n,"package.json"),i=JSON.parse(await Ar.readFile(s,"utf-8"));if(A... L11: `,"utf-8"),qi=n,Oc=Im(jc())}function st(n){return Dm()[n]}function Ms(n,e){let t=Dm();e===void 0?delete t[n]:t[n]=e,ZT(t)}var qi,Oc,Xi=f(()=>{"use strict";hn();a(Pm,"configDir");a(... L12: `)[0];if(s?.startsWith("worktree "))return s.replace("worktree ","").trim()}catch{}let{stdout:t}=await O("git rev-parse --show-toplevel",{cwd:e});return t.trim()}async setup(e,t){l...
High
Shell

Package source references shell execution. The visible call is `await O("git rev-parse --show-toplevel",{cwd:e})` — a fixed literal command with only the working directory supplied by the caller. Check whether the `O` helper runs through a shell (`exec`) or via `execFile`/`spawn` without one, and whether other call sites interpolate caller-controlled strings into the command.

dist/bin/prjct-hooks.mjs · L10
8var Fi=Object.defineProperty;var HT=Object.getOwnPropertyDescriptor;var UT=Object.getOwnPropertyNames;var WT=Object.prototype.hasOwnProperty;var a=(n,e)=>Fi(n,"name",{value:e,confi... L9: `;await Ye.writeFile(n,s,"utf-8")})}async function ht(n,e=""){try{return await Ye.readFile(n,"utf-8")}catch(t){if($(t))return e;throw t}}async function mn(n,e){await Ic(n,"file",as... L10: `).map(o=>o.replace(/^\s*-\s*['"]?|['"]?\s*$/g,"")).filter(Boolean))}else if(e==="npm"||e==="lerna"){let s=Je.join(n,"package.json"),i=JSON.parse(await Ar.readFile(s,"utf-8"));if(A... L11: `,"utf-8"),qi=n,Oc=Im(jc())}function st(n){return Dm()[n]}function Ms(n,e){let t=Dm();e===void 0?delete t[n]:t[n]=e,ZT(t)}var qi,Oc,Xi=f(()=>{"use strict";hn();a(Pm,"configDir");a(... L12: `)[0];if(s?.startsWith("worktree "))return s.replace("worktree ","").trim()}catch{}let{stdout:t}=await O("git rev-parse --show-toplevel",{cwd:e});return t.trim()}async setup(e,t){l... ... L14: `);for(let i of s){if(!i.trim())continue;let o=i.trim().split(` L15: `),c="",l="",u="",d=!1;for(let p of o)p.startsWith("worktree ")?c=p.replace("worktree ","").trim():p.startsWith("HEAD ")?l=p.replace("HEAD ","").trim():p.startsWith("branch ")?u=p
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/bin/prjct-hooks.mjs · L8
10`).map(o=>o.replace(/^\s*-\s*['"]?|['"]?\s*$/g,"")).filter(Boolean))}else if(e==="npm"||e==="lerna"){let s=Je.join(n,"package.json"),i=JSON.parse(await Ar.readFile(s,"utf-8"));if(A... L11: `,"utf-8"),qi=n,Oc=Im(jc())}function st(n){return Dm()[n]}function Ms(n,e){let t=Dm();e===void 0?delete t[n]:t[n]=e,ZT(t)}var qi,Oc,Xi=f(()=>{"use strict";hn();a(Pm,"configDir");a(... L12: `)[0];if(s?.startsWith("worktree "))return s.replace("worktree ","").trim()}catch{}let{stdout:t}=await O("git rev-parse --show-toplevel",{cwd:e});return t.trim()}async setup(e,t){l... ... L14: `);for(let i of s){if(!i.trim())continue;let o=i.trim().split(` L15: `),c="",l="",u="",d=!1;for(let p of o)p.startsWith("worktree ")?c=p.replace("worktree ","").trim():p.startsWith("HEAD ")?l=p.replace("HEAD ","").trim():p.startsWith("branch ")?u=p.... L16: -- =======================================================================
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking. In the visible excerpt the captured output is the stdout of `git rev-parse --show-toplevel` (the repository root path), which is trimmed and returned; whether that value or any other command output reaches an outbound request is not shown here and must be traced in the full file.

dist/bin/prjct-hooks.mjs · L10
dist/bin/prjct-core.mjs
5Cross-file remote execution chain: dist/bin/prjct-core.mjs spawns dist/daemon/entry.mjs; helper contains network access plus dynamic code execution. L5: var __filename = __fileURLToPath(import.meta.url); L6: var __dirname = __pathDirname(__filename); L7: var _D=Object.create;var Ni=Object.defineProperty;var jD=Object.getOwnPropertyDescriptor;var ID=Object.getOwnPropertyNames;var $D=Object.getPrototypeOf,DD=Object.prototype.hasOwnPr... L8: `,"utf-8"),Lc=n,Up=Zb(Hc())}function St(n){return Wp()[n]}function ev(){return Wp()}function Ne(n,e){let t=Wp();e===void 0?delete t[n]:t[n]=e,WD(t)}function Gp(n){Ne(n,void 0)}func... L9: `)}catch{}return o}async function Uc(){try{let n=new AbortController,e=setTimeout(()=>n.abort(),6e3),t=await fetch(GD,{signal:n.signal});if(clearTimeout(e),!t.ok)return null;let r=... L10: `)}catch{}}var iv,av,XD,cv,ZD,Kp=h(()=>{"use strict";sr();Or();Fi();Vp();iv=KD(VD),av=a(()=>Ui.join(at(),"state"),"stateDir"),XD=a(()=>Ui.join(av(),"auto-update.log"),"logPath"),cv... ... L13: `)} L14: `}function bv(n){return`${["<!-- prjct:start - DO NOT REMOVE THIS MARKER -->","# p/ \u2014 Context layer for AI agents","","Skills auto-activate for: work, intent, ship, sync, g…
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking. The visible excerpt includes a `fetch` guarded by a 6-second AbortController timeout and an `auto-update.log` path, which suggests an auto-update routine. The questions that decide this finding are what URL is fetched, whether the response is integrity-checked (signature or pinned hash) before it is written to disk or executed, and what the spawned dist/daemon/entry.mjs does with it — none of which is visible in this excerpt.

dist/bin/prjct-core.mjs · L5
1924`,"utf-8"),await zt.writeFile(o,kc(i),"utf-8"),await zt.writeFile(rt.join(t,"latest-comparison.json"),`${JSON.stringify(i,null,2)} L1925: `,"utf-8"),i}function xp(n){let e=n.repo.replace(/[^a-zA-Z0-9_.-]+/g,"-").replace(/^-+|-+$/g,"")||"unknown";return rt.join(at(),"evals",e)}async function lb(n){try{return ib.parse(... L1926: Project: \`${s.projectId}\`
Low
Eval

Package source references a known benign dynamic code generation pattern. In the flagged excerpt the match appears to be the literal path segment "evals" in `rt.join(at(),"evals",e)` — a directory name — not a call to `eval()`; treat this as a likely false positive unless a real `eval`/`new Function` call site is found elsewhere in the file.

dist/bin/prjct-core.mjs · L1924
dist/bin/prjct.mjs
2import{connect}from"node:net";import{existsSync}from"node:fs";import{createHash,randomUUID}from"node:crypto";import{homedir}from"node:os";import{join,resolve}from"node:path"; L3: const cliHome=process.env.PRJCT_CLI_HOME?resolve(process.env.PRJCT_CLI_HOME):join(homedir(),".prjct-cli"); L4: const namedPipe=process.platform==="win32"; L5: const sockPath=namedPipe?"\\.\pipe\prjct-"+createHash("sha1").update(resolve(cliHome)).digest("hex").slice(0,16)+"-daemon":join(cliHome,"run","daemon.sock"); ... L20: const sock=connect(sockPath);let buf="",done=false; L21: const soft=()=>{if(!done){done=true;clearTimeout(t);sock.destroy();process.stdout.write("{}\n");process.exit(0)}}; L22: const t=setTimeout(soft,5000); L23: sock.on("connect",()=>sock.write(msg)); L24: sock.on("data",c=>{buf+=c.toString();const n=buf.indexOf("\n");if(n!==-1){const r=JSON.parse(buf.slice(0,n));if(r.retry){soft();return}done=true;clearTimeout(t);sock.end();if(r.std... L25: sock.on("error",soft);
Low
Weak Crypto

Package source references weak cryptographic algorithms. The flagged use is `createHash("sha1")` over the resolved CLI home path to derive a short, deterministic Windows named-pipe suffix — an identifier, not an integrity or authentication check — so SHA-1's collision weakness does not bear on this use.

dist/bin/prjct.mjs · L2
scripts/install.sh
path = scripts/install.sh kind = build_helper sizeBytes = 17075 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files. scripts/install.sh (17,075 bytes) falls outside the JavaScript static analysis, so review it directly for remote downloads executed without verification, PATH or shell-profile modification, and privilege escalation (e.g. sudo).

scripts/install.sh

Findings

1 Critical · 6 High · 5 Medium · 7 Low
Critical — Previous Version Dangerous Delta — bin/prjct.cjs
High — Child Process — bin/prjct.cjs
High — Shell — dist/bin/prjct-hooks.mjs
High — Same File Env Network Execution — dist/bin/prjct-hooks.mjs
High — Command Output Exfiltration — dist/bin/prjct-hooks.mjs
High — Sandbox Evasion Gated Capability — bin/prjct.cjs
High — Cross File Remote Execution Context — dist/bin/prjct-core.mjs
Medium — Network
Medium — Environment Vars
Medium — Ships Build Helper — scripts/install.sh
Medium — Structural Risk Force Deep Review
Medium — Wildcard Dependency
Low — Non Install Lifecycle Scripts
Low — Scripts Present
Low — Eval — dist/bin/prjct-core.mjs
Low — Weak Crypto — dist/bin/prjct.mjs
Low — Filesystem
Low — High Entropy Strings
Low — Url Strings