
prjct-cli@3.15.0

⚠ Under review

Project memory and workflow context for AI coding agents.

Static Scan Results

scanned 2d ago · by rust-scanner

Static analysis flagged 20 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected; previous stored version diff introduced dangerous source.

Decision evidence

public snapshot
Behavioral surface
Source: Child Process, Crypto, Dynamic Require, Environment Vars, Eval, Filesystem, Network, Shell
Supply chain: High Entropy Strings, Url Strings
Manifest: Wildcard Dependency
scanned 7 file(s), 2.98 MB of source, external domains: 127.0.0.1, ai.google.dev, api.openai.com, api.voyageai.com, bun.sh, cli-api.prjct.app, cli.github.com, cli.prjct.app, cursor.com, docs.anthropic.com, docs.windsurf.com, gemini.google.com, geminicli.com, git-scm.com, github.com, keepachangelog.com, mcp.atlassian.com, mcp.linear.app, nodejs.org, openai.com, openrouter.ai, prjct.app, raw.githubusercontent.com, registry.npmjs.org, semver.org, windsurf.com, www.anthropic.com, www.prjct.app

Source & flagged code

11 flagged
bin/prjct.cjs
L11: const childProcess = require('node:child_process')
L12: const fs = require('node:fs')
High
Child Process

Package source references child process execution.

bin/prjct.cjs · L10
L11: const childProcess = require('node:child_process')
L12: const fs = require('node:fs')
...
L19: const ROOT_DIR = path.resolve(SCRIPT_DIR, '..')
L20: const HOME = process.env.HOME || process.env.USERPROFILE || os.homedir()
L21: const CLI_HOME = process.env.PRJCT_CLI_HOME
...
L30: function executableCandidates(command) {
L31:   if (process.platform !== 'win32') return [command]
L32:   const pathext = (process.env.PATHEXT || '.COM;.EXE;.BAT;.CMD')
...
L123:   try {
L124:     return JSON.parse(fs.readFileSync(path.join(ROOT_DIR, 'package.json'), 'utf-8')).version || ''
L125:   } catch {
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

bin/prjct.cjs · L10
L11: const childProcess = require('node:child_process')
L12: const fs = require('node:fs')
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/prjct.cjs · L10
dist/bin/prjct-hooks.mjs
matchType = previous_version_dangerous_delta
matchedPackage = prjct-cli@3.14.0
matchedIdentity = npm:cHJqY3QtY2xp:3.14.0
similarity = 0.857
summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version.

dist/bin/prjct-hooks.mjs
L9: `;await Xe.writeFile(n,s,"utf-8")})}async function tt(n,e=""){try{return await Xe.readFile(n,"utf-8")}catch(t){if(F(t))return e;throw t}}async function Ht(n,e){await la(n,"file",as...
L10: `).map(o=>o.replace(/^\s*-\s*['"]?|['"]?\s*$/g,"")).filter(Boolean))}else if(e==="npm"||e==="lerna"){let s=Fe.join(n,"package.json"),i=JSON.parse(await Yn.readFile(s,"utf-8"));if(A...
L11: -- =======================================================================
High
Shell

Package source references shell execution.

dist/bin/prjct-hooks.mjs · L9
L8: var $s=Object.defineProperty;var Fk=Object.getOwnPropertyDescriptor;var $k=Object.getOwnPropertyNames;var Uk=Object.prototype.hasOwnProperty;var a=(n,e)=>$s(n,"name",{value:e,confi...
L9: `;await Xe.writeFile(n,s,"utf-8")})}async function tt(n,e=""){try{return await Xe.readFile(n,"utf-8")}catch(t){if(F(t))return e;throw t}}async function Ht(n,e){await la(n,"file",as...
L10: `).map(o=>o.replace(/^\s*-\s*['"]?|['"]?\s*$/g,"")).filter(Boolean))}else if(e==="npm"||e==="lerna"){let s=Fe.join(n,"package.json"),i=JSON.parse(await Yn.readFile(s,"utf-8"));if(A...
L11: -- =======================================================================
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/bin/prjct-hooks.mjs · L8
L9: `;await Xe.writeFile(n,s,"utf-8")})}async function tt(n,e=""){try{return await Xe.readFile(n,"utf-8")}catch(t){if(F(t))return e;throw t}}async function Ht(n,e){await la(n,"file",as...
L10: `).map(o=>o.replace(/^\s*-\s*['"]?|['"]?\s*$/g,"")).filter(Boolean))}else if(e==="npm"||e==="lerna"){let s=Fe.join(n,"package.json"),i=JSON.parse(await Yn.readFile(s,"utf-8"));if(A...
L11: -- =======================================================================
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist/bin/prjct-hooks.mjs · L9
dist/bin/prjct-core.mjs
Cross-file remote execution chain: dist/bin/prjct-core.mjs spawns dist/daemon/entry.mjs; helper contains network access plus dynamic code execution.
L5: var __filename = __fileURLToPath(import.meta.url);
L6: var __dirname = __pathDirname(__filename);
L7: var NN=Object.create;var Wo=Object.defineProperty;var jN=Object.getOwnPropertyDescriptor;var DN=Object.getOwnPropertyNames;var ON=Object.getPrototypeOf,$N=Object.prototype.hasOwnPr...
L8: `,"utf-8"),Fa=n,fd=nk(Ha())}function _t(n){return gd()[n]}function rk(){return gd()}function De(n,e){let t=gd();e===void 0?delete t[n]:t[n]=e,BN(t)}function sk(n){De(n,void 0)}func...
L9: `)}catch{}return o}async function Wa(){try{let n=new AbortController,e=setTimeout(()=>n.abort(),6e3),t=await fetch(qN,{signal:n.signal});if(clearTimeout(e),!t.ok)return null;let r=...
L10: `)}catch{}}var uk,dk,YN,pk,tj,Ed=h(()=>{"use strict";$n();ar();Ga();wd();uk=zN(KN),dk=a(()=>Vo.join(nt(),"state"),"stateDir"),YN=a(()=>Vo.join(dk(),"auto-update.log"),"logPath"),pk...
...
L13: `)}
L14: `}function Sk(n){return`${["<!-- prjct:start - DO NOT REMOVE THIS MARKER -->","# p/ \u2014 Context layer for AI agents","","Skills auto-activate for: work, intent, ship, sync, g…
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

dist/bin/prjct-core.mjs · L5
L2171: `,"utf-8"),await $t.writeFile(o,ba(i),"utf-8"),await $t.writeFile(Ye.join(t,"latest-comparison.json"),`${JSON.stringify(i,null,2)}
L2172: `,"utf-8"),i}function id(n){let e=n.repo.replace(/[^a-zA-Z0-9_.-]+/g,"-").replace(/^-+|-+$/g,"")||"unknown";return Ye.join(nt(),"evals",e)}async function dw(n){try{return cw.parse(...
L2173: Project: \`${s.projectId}\`
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/bin/prjct-core.mjs · L2171
dist/bin/prjct.mjs
L2: import{connect}from"node:net";import{existsSync}from"node:fs";import{createHash,randomUUID}from"node:crypto";import{homedir}from"node:os";import{join,resolve}from"node:path";
L3: const cliHome=process.env.PRJCT_CLI_HOME?resolve(process.env.PRJCT_CLI_HOME):join(homedir(),".prjct-cli");
L4: const namedPipe=process.platform==="win32";
L5: const sockPath=namedPipe?"\\.\pipe\prjct-"+createHash("sha1").update(resolve(cliHome)).digest("hex").slice(0,16)+"-daemon":join(cliHome,"run","daemon.sock");
...
L20: const sock=connect(sockPath);let buf="",done=false;
L21: const soft=()=>{if(!done){done=true;clearTimeout(t);sock.destroy();process.stdout.write("{}\n");process.exit(0)}};
L22: const t=setTimeout(soft,5000);
L23: sock.on("connect",()=>sock.write(msg));
L24: sock.on("data",c=>{buf+=c.toString();const n=buf.indexOf("\n");if(n!==-1){const r=JSON.parse(buf.slice(0,n));if(r.retry){soft();return}done=true;clearTimeout(t);sock.end();if(r.std...
L25: sock.on("error",soft);
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/bin/prjct.mjs · L2
scripts/install.sh
path = scripts/install.sh
kind = build_helper
sizeBytes = 17075
magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

scripts/install.sh

Findings

1 Critical · 6 High · 6 Medium · 7 Low

Critical · Previous Version Dangerous Delta · dist/bin/prjct-hooks.mjs
High · Child Process · bin/prjct.cjs
High · Shell · dist/bin/prjct-hooks.mjs
High · Same File Env Network Execution · dist/bin/prjct-hooks.mjs
High · Command Output Exfiltration · dist/bin/prjct-hooks.mjs
High · Sandbox Evasion Gated Capability · bin/prjct.cjs
High · Cross File Remote Execution Context · dist/bin/prjct-core.mjs
Medium · Dynamic Require · bin/prjct.cjs
Medium · Network
Medium · Environment Vars
Medium · Ships Build Helper · scripts/install.sh
Medium · Structural Risk Force Deep Review
Medium · Wildcard Dependency
Low · Non Install Lifecycle Scripts
Low · Scripts Present
Low · Eval · dist/bin/prjct-core.mjs
Low · Weak Crypto · dist/bin/prjct.mjs
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings