
prjct-cli@3.21.0

⚠ Under review

Project memory and workflow context for AI coding agents.

Static Scan Results

scanned 1d ago · by rust-scanner

Static analysis flagged 19 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected; the diff against the previous stored version introduced dangerous source.

Decision evidence

public snapshot
Behavioral surface
Source
Child Process, Crypto, Dynamic Require, Environment Vars, Eval, Filesystem, Network, Shell
Supply chain
High Entropy Strings, Url Strings
Manifest
Wildcard Dependency
scanned 7 file(s), 3.07 MB of source, external domains: 127.0.0.1, ai.google.dev, api.openai.com, api.voyageai.com, bun.sh, cli-api.prjct.app, cli.github.com, cli.prjct.app, cursor.com, docs.anthropic.com, docs.windsurf.com, gemini.google.com, geminicli.com, git-scm.com, github.com, keepachangelog.com, mcp.atlassian.com, mcp.linear.app, nodejs.org, openai.com, openrouter.ai, prjct.app, raw.githubusercontent.com, registry.npmjs.org, semver.org, windsurf.com, www.anthropic.com, www.prjct.app

Source & flagged code

10 flagged
bin/prjct.cjs
matchType = previous_version_dangerous_delta matchedPackage = prjct-cli@3.14.0 matchedIdentity = npm:cHJqY3QtY2xp:3.14.0 similarity = 0.571 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version.

bin/prjct.cjs
10L11: const childProcess = require('node:child_process') L12: const fs = require('node:fs')
High
Child Process

Package source references child process execution.

bin/prjct.cjs · L10
10L11: const childProcess = require('node:child_process') L12: const fs = require('node:fs')
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/prjct.cjs · L10
dist/bin/prjct-hooks.mjs
9`;await Be.writeFile(n,s,"utf-8")})}async function tt(n,e=""){try{return await Be.readFile(n,"utf-8")}catch(t){if(F(t))return e;throw t}}async function Ht(n,e){await ya(n,"file",as... L10: `).map(a=>a.replace(/^\s*-\s*['"]?|['"]?\s*$/g,"")).filter(Boolean))}else if(e==="npm"||e==="lerna"){let s=Me.join(n,"package.json"),i=JSON.parse(await Jn.readFile(s,"utf-8"));if(A... L11: -- =======================================================================
High
Shell

Package source references shell execution.

dist/bin/prjct-hooks.mjs · L9
8var Gs=Object.defineProperty;var rS=Object.getOwnPropertyDescriptor;var sS=Object.getOwnPropertyNames;var iS=Object.prototype.hasOwnProperty;var o=(n,e)=>Gs(n,"name",{value:e,confi... L9: `;await Be.writeFile(n,s,"utf-8")})}async function tt(n,e=""){try{return await Be.readFile(n,"utf-8")}catch(t){if(F(t))return e;throw t}}async function Ht(n,e){await ya(n,"file",as... L10: `).map(a=>a.replace(/^\s*-\s*['"]?|['"]?\s*$/g,"")).filter(Boolean))}else if(e==="npm"||e==="lerna"){let s=Me.join(n,"package.json"),i=JSON.parse(await Jn.readFile(s,"utf-8"));if(A... L11: -- =======================================================================
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/bin/prjct-hooks.mjs · L8
9`;await Be.writeFile(n,s,"utf-8")})}async function tt(n,e=""){try{return await Be.readFile(n,"utf-8")}catch(t){if(F(t))return e;throw t}}async function Ht(n,e){await ya(n,"file",as... L10: `).map(a=>a.replace(/^\s*-\s*['"]?|['"]?\s*$/g,"")).filter(Boolean))}else if(e==="npm"||e==="lerna"){let s=Me.join(n,"package.json"),i=JSON.parse(await Jn.readFile(s,"utf-8"));if(A... L11: -- =======================================================================
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist/bin/prjct-hooks.mjs · L9
dist/bin/prjct-core.mjs
5Cross-file remote execution chain: dist/bin/prjct-core.mjs spawns dist/daemon/entry.mjs; helper contains network access plus dynamic code execution. L5: var __filename = __fileURLToPath(import.meta.url); L6: var __dirname = __pathDirname(__filename); L7: var cj=Object.create;var Xo=Object.defineProperty;var lj=Object.getOwnPropertyDescriptor;var uj=Object.getOwnPropertyNames;var dj=Object.getPrototypeOf,pj=Object.prototype.hasOwnPr... L8: `,"utf-8"),Xa=n,xd=Rk(Ka())}function _t(n){return Id()[n]}function _k(){return Id()}function De(n,e){let t=Id();e===void 0?delete t[n]:t[n]=e,Ej(t)}function Ak(n){De(n,void 0)}func... L9: `)}catch{}return o}async function za(){try{let n=new AbortController,e=setTimeout(()=>n.abort(),6e3),t=await fetch(Sj,{signal:n.signal});if(clearTimeout(e),!t.ok)return null;let r=... L10: `)}catch{}}var Dk,Ok,_j,$k,Pj,Od=h(()=>{"use strict";$n();ar();Ja();jd();Dk=Rj(bj),Ok=a(()=>zo.join(nt(),"state"),"stateDir"),_j=a(()=>zo.join(Ok(),"auto-update.log"),"logPath"),$k... ... L13: `)} L14: `}function qk(n){return`${["<!-- prjct:start - DO NOT REMOVE THIS MARKER -->","# p/ \u2014 Context layer for AI agents","","Skills auto-activate for: work, intent, ship, sync, g…
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

dist/bin/prjct-core.mjs · L5
2278`,"utf-8"),await $t.writeFile(o,Pa(i),"utf-8"),await $t.writeFile(Ye.join(t,"latest-comparison.json"),`${JSON.stringify(i,null,2)} L2279: `,"utf-8"),i}function Sd(n){let e=n.repo.replace(/[^a-zA-Z0-9_.-]+/g,"-").replace(/^-+|-+$/g,"")||"unknown";return Ye.join(nt(),"evals",e)}async function Ow(n){try{return Nw.parse(... L2280: Project: \`${s.projectId}\`
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/bin/prjct-core.mjs · L2278
dist/bin/prjct.mjs
2import{connect}from"node:net";import{existsSync}from"node:fs";import{createHash,randomUUID}from"node:crypto";import{homedir}from"node:os";import{join,resolve}from"node:path"; L3: const cliHome=process.env.PRJCT_CLI_HOME?resolve(process.env.PRJCT_CLI_HOME):join(homedir(),".prjct-cli"); L4: const namedPipe=process.platform==="win32"; L5: const sockPath=namedPipe?"\\.\pipe\prjct-"+createHash("sha1").update(resolve(cliHome)).digest("hex").slice(0,16)+"-daemon":join(cliHome,"run","daemon.sock"); ... L20: const sock=connect(sockPath);let buf="",done=false; L21: const soft=()=>{if(!done){done=true;clearTimeout(t);sock.destroy();process.stdout.write("{}\n");process.exit(0)}}; L22: const t=setTimeout(soft,5000); L23: sock.on("connect",()=>sock.write(msg)); L24: sock.on("data",c=>{buf+=c.toString();const n=buf.indexOf("\n");if(n!==-1){const r=JSON.parse(buf.slice(0,n));if(r.retry){soft();return}done=true;clearTimeout(t);sock.end();if(r.std... L25: sock.on("error",soft);
Low
Weak Crypto

Package source references weak cryptographic algorithms. In the flagged excerpt above the algorithm is SHA-1, used to derive a daemon pipe name from the CLI home path rather than to protect a secret, which bounds the risk of this finding.

dist/bin/prjct.mjs · L2
scripts/install.sh
path = scripts/install.sh kind = build_helper sizeBytes = 17075 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

scripts/install.sh

Findings

1 Critical, 5 High, 6 Medium, 7 Low
Critical · Previous Version Dangerous Delta · bin/prjct.cjs
High · Child Process · bin/prjct.cjs
High · Shell · dist/bin/prjct-hooks.mjs
High · Same File Env Network Execution · dist/bin/prjct-hooks.mjs
High · Command Output Exfiltration · dist/bin/prjct-hooks.mjs
High · Cross File Remote Execution Context · dist/bin/prjct-core.mjs
Medium · Dynamic Require · bin/prjct.cjs
Medium · Network
Medium · Environment Vars
Medium · Ships Build Helper · scripts/install.sh
Medium · Structural Risk Force Deep Review
Medium · Wildcard Dependency
Low · Non Install Lifecycle Scripts
Low · Scripts Present
Low · Eval · dist/bin/prjct-core.mjs
Low · Weak Crypto · dist/bin/prjct.mjs
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings