@a5c-ai/babysitter-cursor
Babysitter orchestration plugin for Cursor IDE with SDK-managed process-library bootstrapping and in-turn iteration model
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:@a5c-ai/babysitter-sdk | AI (phantom-deps): Same-org SDK dependency; likely used indirectly or via bin scripts rather than direct require in analyzed files. | ai | |
| install-scripts | install-script:postinstall | AI (install-scripts): Cursor IDE plugin bootstrap via node bin/install.js; consistent with documented SDK-managed process-library setup. | ai | |
| semgrep | semgrep:env-spread | AI (semgrep): CLI tool passes process.env to spawned subprocesses — standard pattern for orchestration tools, not exfiltration. | ai | |
| semgrep | semgrep:child-process-import | AI (semgrep): CLI orchestration tool legitimately uses child_process to spawn subprocesses; stable pattern for this package. | ai |
Versions (showing 5 of 5)
| Version | Deps | Published |
|---|---|---|
| 5.0.0 | 1 / 0 | |
| 0.1.4 | 1 / 0 | |
| 0.1.3 | 1 / 0 | |
| 0.1.2 | 1 / 0 | |
| 0.1.1 | 1 / 0 |
v5.0.0
5 findingsScript: node bin/install.js
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/a5c-ai/babysitter-cursor/blob/80759fa8fdad528202cf4e56da69e63b0639a3bc/bin/cli.js#L52 50 | cwd: process.cwd(), 51 | stdio: 'inherit', > 52 | env: { ...process.env, ...extraEnv }, 53 | }); 54 | process.exitCode = result.status ?? 1;
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/a5c-ai/babysitter-cursor/blob/80759fa8fdad528202cf4e56da69e63b0639a3bc/bin/install-shared.js#L133 131 | spawnSync(process.execPath, [postInstall], { 132 | cwd: pluginRoot, stdio: 'inherit', > 133 | env: { ...process.env, PLUGIN_ROOT: pluginRoot }, 134 | }); 135 | }
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/a5c-ai/babysitter-cursor/blob/80759fa8fdad528202cf4e56da69e63b0639a3bc/bin/install-shared.js#L160 158 | timeout: options.timeout || 120000, 159 | cwd: options.cwd || process.cwd(), > 160 | env: { ...process.env, ...options.env }, 161 | }); 162 | return result;
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.4
4 findingsScript: node bin/install.js
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/a5c-ai/babysitter/blob/d97a2e46a84cbc3ca4589050a9bddbcbf792a785/bin/cli.js#L60 58 | cwd: process.cwd(), 59 | stdio: 'inherit', > 60 | env: { 61 | ...process.env, 62 | ...extraEnv,
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/a5c-ai/babysitter/blob/d97a2e46a84cbc3ca4589050a9bddbcbf792a785/bin/install-shared.js#L346 344 | stdio: ['ignore', 'pipe', 'pipe'], 345 | encoding: 'utf8', > 346 | env: { 347 | ...process.env, 348 | ...(options.env || {}),
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.3
4 findingsScript: node bin/install.js
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/a5c-ai/babysitter/blob/c99c904158445a99045f9f035c906ab617ef4323/bin/cli.js#L60 58 | cwd: process.cwd(), 59 | stdio: 'inherit', > 60 | env: { 61 | ...process.env, 62 | ...extraEnv,
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/a5c-ai/babysitter/blob/c99c904158445a99045f9f035c906ab617ef4323/bin/install-shared.js#L346 344 | stdio: ['ignore', 'pipe', 'pipe'], 345 | encoding: 'utf8', > 346 | env: { 347 | ...process.env, 348 | ...(options.env || {}),
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.2
4 findingsScript: node bin/install.js
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/a5c-ai/babysitter/blob/f4999606c845fa5cf346beb5a79daadf6d5a608c/bin/cli.js#L60 58 | cwd: process.cwd(), 59 | stdio: 'inherit', > 60 | env: { 61 | ...process.env, 62 | ...extraEnv,
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/a5c-ai/babysitter/blob/f4999606c845fa5cf346beb5a79daadf6d5a608c/bin/install-shared.js#L346 344 | stdio: ['ignore', 'pipe', 'pipe'], 345 | encoding: 'utf8', > 346 | env: { 347 | ...process.env, 348 | ...(options.env || {}),
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.1
4 findingsScript: node bin/install.js
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/a5c-ai/babysitter/blob/526dd59d05880076153d42cd33cd5a2bcc6e16a5/bin/cli.js#L60 58 | cwd: process.cwd(), 59 | stdio: 'inherit', > 60 | env: { 61 | ...process.env, 62 | ...extraEnv,
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/a5c-ai/babysitter/blob/526dd59d05880076153d42cd33cd5a2bcc6e16a5/bin/install-shared.js#L346 344 | stdio: ['ignore', 'pipe', 'pipe'], 345 | encoding: 'utf8', > 346 | env: { 347 | ...process.env, 348 | ...(options.env || {}),
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.