VasperaPM - AI-powered verified specifications. Discover docs, analyze code, detect drift.
Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Source appears to send environment or credential material to an external endpoint.
dist/server.jsView on unpkg · L79Package source references dynamic require/import behavior.
dist/server.jsView on unpkg · L3341Package source references weak cryptographic algorithms.
dist/server.jsView on unpkg · L79A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/cli.jsView on unpkg · L31A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/cli.jsView on unpkg · L506Source appears to send environment or credential material to an external endpoint.
dist/server.jsView on unpkg · L79Package source references dynamic require/import behavior.
dist/server.jsView on unpkg · L3341Package source references weak cryptographic algorithms.
dist/server.jsView on unpkg · L79A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/cli.jsView on unpkg · L31A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/cli.jsView on unpkg · L506