
prjct-cli@3.24.2

⚠ Under review

Project memory and workflow context for AI coding agents.

Static Scan Results

scanned 1d ago · by rust-scanner

Static analysis flagged 19 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected; the diff against the previous stored version introduced dangerous source.

Decision evidence

public snapshot
Behavioral surface
Source
Child Process, Crypto, Dynamic Require, Environment Vars, Eval, Filesystem, Network, Shell
Supply chain
High Entropy Strings, Url Strings
Manifest
Wildcard Dependency
scanned 7 file(s), 3.10 MB of source, external domains: 127.0.0.1, ai.google.dev, api.openai.com, api.voyageai.com, bun.sh, cli-api.prjct.app, cli.github.com, cli.prjct.app, cursor.com, docs.anthropic.com, docs.windsurf.com, gemini.google.com, geminicli.com, git-scm.com, github.com, keepachangelog.com, mcp.atlassian.com, mcp.linear.app, nodejs.org, openai.com, openrouter.ai, prjct.app, raw.githubusercontent.com, registry.npmjs.org, semver.org, windsurf.com, www.anthropic.com, www.prjct.app

Source & flagged code

10 flagged
bin/prjct.cjs
matchType = previous_version_dangerous_delta matchedPackage = prjct-cli@3.14.0 matchedIdentity = npm:cHJqY3QtY2xp:3.14.0 similarity = 0.714 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

bin/prjct.cjs
10L11: const childProcess = require('node:child_process') L12: const fs = require('node:fs')
High
Child Process

Package source references child process execution. The excerpt above shows only the `node:child_process` module being required; the call sites that actually spawn processes are not shown in this evidence, so confirm them in the full source before rating the finding.

bin/prjct.cjs · L10
10L11: const childProcess = require('node:child_process') L12: const fs = require('node:fs')
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/prjct.cjs · L10
dist/bin/prjct-hooks.mjs
9`;await We.writeFile(n,s,"utf-8")})}async function Ze(n,e=""){try{return await We.readFile(n,"utf-8")}catch(t){if(U(t))return e;throw t}}async function Wt(n,e){await _a(n,"file",as... L10: `).map(o=>o.replace(/^\s*-\s*['"]?|['"]?\s*$/g,"")).filter(Boolean))}else if(e==="npm"||e==="lerna"){let s=je.join(n,"package.json"),i=JSON.parse(await Qn.readFile(s,"utf-8"));if(A... L11: -- =======================================================================
High
Shell

Package source references shell execution.

dist/bin/prjct-hooks.mjs · L9
8var Vs=Object.defineProperty;var uS=Object.getOwnPropertyDescriptor;var dS=Object.getOwnPropertyNames;var pS=Object.prototype.hasOwnProperty;var a=(n,e)=>Vs(n,"name",{value:e,confi... L9: `;await We.writeFile(n,s,"utf-8")})}async function Ze(n,e=""){try{return await We.readFile(n,"utf-8")}catch(t){if(U(t))return e;throw t}}async function Wt(n,e){await _a(n,"file",as... L10: `).map(o=>o.replace(/^\s*-\s*['"]?|['"]?\s*$/g,"")).filter(Boolean))}else if(e==="npm"||e==="lerna"){let s=je.join(n,"package.json"),i=JSON.parse(await Qn.readFile(s,"utf-8"));if(A... L11: -- =======================================================================
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/bin/prjct-hooks.mjs · L8
9`;await We.writeFile(n,s,"utf-8")})}async function Ze(n,e=""){try{return await We.readFile(n,"utf-8")}catch(t){if(U(t))return e;throw t}}async function Wt(n,e){await _a(n,"file",as... L10: `).map(o=>o.replace(/^\s*-\s*['"]?|['"]?\s*$/g,"")).filter(Boolean))}else if(e==="npm"||e==="lerna"){let s=je.join(n,"package.json"),i=JSON.parse(await Qn.readFile(s,"utf-8"));if(A... L11: -- =======================================================================
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist/bin/prjct-hooks.mjs · L9
dist/bin/prjct-core.mjs
5Cross-file remote execution chain: dist/bin/prjct-core.mjs spawns dist/daemon/entry.mjs; helper contains network access plus dynamic code execution. L5: var __filename = __fileURLToPath(import.meta.url); L6: var __dirname = __pathDirname(__filename); L7: var hj=Object.create;var Jo=Object.defineProperty;var yj=Object.getOwnPropertyDescriptor;var wj=Object.getOwnPropertyNames;var kj=Object.getPrototypeOf,Ej=Object.prototype.hasOwnPr... L8: `,"utf-8"),Qa=n,Dd=jk(ec())}function Rt(n){return Od()[n]}function Dk(){return Od()}function $e(n,e){let t=Od();e===void 0?delete t[n]:t[n]=e,Aj(t)}function Ok(n){$e(n,void 0)}func... L9: `)}catch{}return o}async function nc(){try{let n=new AbortController,e=setTimeout(()=>n.abort(),6e3),t=await fetch(xj,{signal:n.signal});if(clearTimeout(e),!t.ok)return null;let r=... L10: `)}catch{}}var Hk,Wk,Oj,Gk,Fj,Ud=h(()=>{"use strict";Mn();lr();tc();Ld();Hk=Dj(Nj),Wk=a(()=>Zo.join(et(),"state"),"stateDir"),Oj=a(()=>Zo.join(Wk(),"auto-update.log"),"logPath"),Gk... ... L13: `)} L14: `}function Qk(n){return`${["<!-- prjct:start - DO NOT REMOVE THIS MARKER -->","# p/ \u2014 Context layer for AI agents","","Skills auto-activate for: work, intent, ship, sync, g…
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

dist/bin/prjct-core.mjs · L5
2312`,"utf-8"),await Ot.writeFile(o,Ma(i),"utf-8"),await Ot.writeFile(ze.join(t,"latest-comparison.json"),`${JSON.stringify(i,null,2)} L2313: `,"utf-8"),i}function Rd(n){let e=n.repo.replace(/[^a-zA-Z0-9_.-]+/g,"-").replace(/^-+|-+$/g,"")||"unknown";return ze.join(et(),"evals",e)}async function Ww(n){try{return Fw.parse(... L2314: Project: \`${s.projectId}\`
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/bin/prjct-core.mjs · L2312
dist/bin/prjct.mjs
2import{connect}from"node:net";import{existsSync}from"node:fs";import{createHash,randomUUID}from"node:crypto";import{homedir}from"node:os";import{join,resolve}from"node:path"; L3: const cliHome=process.env.PRJCT_CLI_HOME?resolve(process.env.PRJCT_CLI_HOME):join(homedir(),".prjct-cli"); L4: const namedPipe=process.platform==="win32"; L5: const sockPath=namedPipe?"\\.\pipe\prjct-"+createHash("sha1").update(resolve(cliHome)).digest("hex").slice(0,16)+"-daemon":join(cliHome,"run","daemon.sock"); ... L20: const sock=connect(sockPath);let buf="",done=false; L21: const soft=()=>{if(!done){done=true;clearTimeout(t);sock.destroy();process.stdout.write("{}\n");process.exit(0)}}; L22: const t=setTimeout(soft,5000); L23: sock.on("connect",()=>sock.write(msg)); L24: sock.on("data",c=>{buf+=c.toString();const n=buf.indexOf("\n");if(n!==-1){const r=JSON.parse(buf.slice(0,n));if(r.retry){soft();return}done=true;clearTimeout(t);sock.end();if(r.std... L25: sock.on("error",soft);
Low
Weak Crypto

Package source references weak cryptographic algorithms. In the excerpt above, `createHash("sha1")` is used only to derive a deterministic named-pipe name from the CLI home path, which is a path-identifier use rather than a protection of data; rate the finding accordingly.

dist/bin/prjct.mjs · L2
scripts/install.sh
path = scripts/install.sh kind = build_helper sizeBytes = 17075 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

scripts/install.sh

Findings

1 Critical · 5 High · 6 Medium · 7 Low
Critical · Previous Version Dangerous Delta · bin/prjct.cjs
High · Child Process · bin/prjct.cjs
High · Shell · dist/bin/prjct-hooks.mjs
High · Same File Env Network Execution · dist/bin/prjct-hooks.mjs
High · Command Output Exfiltration · dist/bin/prjct-hooks.mjs
High · Cross File Remote Execution Context · dist/bin/prjct-core.mjs
Medium · Dynamic Require · bin/prjct.cjs
Medium · Network
Medium · Environment Vars
Medium · Ships Build Helper · scripts/install.sh
Medium · Structural Risk Force Deep Review
Medium · Wildcard Dependency
Low · Non Install Lifecycle Scripts
Low · Scripts Present
Low · Eval · dist/bin/prjct-core.mjs
Low · Weak Crypto · dist/bin/prjct.mjs
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings