@a5c-ai/babysitter-github
Babysitter orchestration plugin for GitHub Copilot CLI with lifecycle hooks and SDK-managed process-library bootstrapping
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| install-scripts | install-script:postinstall | AI (install-scripts): Runs node bin/install.js for SDK bootstrapping; consistent with documented plugin lifecycle for this package. | ai | |
| semgrep | semgrep:env-spread | AI (semgrep): CLI tool passing process.env to child process is standard; not exfiltration. | ai | |
| semgrep | semgrep:child-process-import | AI (semgrep): CLI bin legitimately uses spawnSync to execute subprocesses; expected pattern. | ai | |
| phantom-deps | phantom-dep:@a5c-ai/babysitter-sdk | AI (phantom-deps): Package is declared as a runtime dependency; same-org scope, likely used indirectly. | ai |
Versions (showing 5 of 5)
| Version | Deps | Published |
|---|---|---|
| 5.0.0 | 1 / 0 | |
| 0.1.4 | 1 / 0 | |
| 0.1.3 | 1 / 0 | |
| 0.1.2 | 1 / 0 | |
| 0.1.1 | 1 / 0 |
v5.0.0
4 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/a5c-ai/babysitter-github-copilot/blob/2af401e4a33db42f7e55b5ddeee5732b756cc48c/bin/cli.js#L52 50 | cwd: process.cwd(), 51 | stdio: 'inherit', > 52 | env: { ...process.env, ...extraEnv }, 53 | }); 54 | process.exitCode = result.status ?? 1;
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/a5c-ai/babysitter-github-copilot/blob/2af401e4a33db42f7e55b5ddeee5732b756cc48c/bin/install-shared.js#L133 131 | spawnSync(process.execPath, [postInstall], { 132 | cwd: pluginRoot, stdio: 'inherit', > 133 | env: { ...process.env, PLUGIN_ROOT: pluginRoot }, 134 | }); 135 | }
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/a5c-ai/babysitter-github-copilot/blob/2af401e4a33db42f7e55b5ddeee5732b756cc48c/bin/install-shared.js#L160 158 | timeout: options.timeout || 120000, 159 | cwd: options.cwd || process.cwd(), > 160 | env: { ...process.env, ...options.env }, 161 | }); 162 | return result;
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.4
4 findingsScript: node bin/install.js
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/a5c-ai/babysitter/blob/d97a2e46a84cbc3ca4589050a9bddbcbf792a785/bin/cli.js#L68 66 | cwd: process.cwd(), 67 | stdio: 'inherit', > 68 | env: { 69 | ...process.env, 70 | ...extraEnv,
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/a5c-ai/babysitter/blob/d97a2e46a84cbc3ca4589050a9bddbcbf792a785/bin/install-shared.js#L652 650 | stdio: ['ignore', 'pipe', 'pipe'], 651 | encoding: 'utf8', > 652 | env: { 653 | ...process.env, 654 | ...(options.env || {}),
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.3
4 findingsScript: node bin/install.js
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/a5c-ai/babysitter/blob/c99c904158445a99045f9f035c906ab617ef4323/bin/cli.js#L68 66 | cwd: process.cwd(), 67 | stdio: 'inherit', > 68 | env: { 69 | ...process.env, 70 | ...extraEnv,
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/a5c-ai/babysitter/blob/c99c904158445a99045f9f035c906ab617ef4323/bin/install-shared.js#L652 650 | stdio: ['ignore', 'pipe', 'pipe'], 651 | encoding: 'utf8', > 652 | env: { 653 | ...process.env, 654 | ...(options.env || {}),
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.2
4 findingsScript: node bin/install.js
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/a5c-ai/babysitter/blob/f4999606c845fa5cf346beb5a79daadf6d5a608c/bin/cli.js#L68 66 | cwd: process.cwd(), 67 | stdio: 'inherit', > 68 | env: { 69 | ...process.env, 70 | ...extraEnv,
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/a5c-ai/babysitter/blob/f4999606c845fa5cf346beb5a79daadf6d5a608c/bin/install-shared.js#L652 650 | stdio: ['ignore', 'pipe', 'pipe'], 651 | encoding: 'utf8', > 652 | env: { 653 | ...process.env, 654 | ...(options.env || {}),
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.1
4 findingsScript: node bin/install.js
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/a5c-ai/babysitter/blob/526dd59d05880076153d42cd33cd5a2bcc6e16a5/bin/cli.js#L68 66 | cwd: process.cwd(), 67 | stdio: 'inherit', > 68 | env: { 69 | ...process.env, 70 | ...extraEnv,
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/a5c-ai/babysitter/blob/526dd59d05880076153d42cd33cd5a2bcc6e16a5/bin/install-shared.js#L652 650 | stdio: ['ignore', 'pipe', 'pipe'], 651 | encoding: 'utf8', > 652 | env: { 653 | ...process.env, 654 | ...(options.env || {}),
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.