@a5c-ai/babysitter-pi
Babysitter package for Pi Coding Agent
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:env-spread | AI (semgrep): CLI wrapper intentionally forwards process.env to child processes; expected pattern for this package. | ai | |
| semgrep | semgrep:child-process-import | AI (semgrep): CLI bin entry uses spawnSync for process orchestration; expected pattern for this package. | ai | |
| phantom-deps | phantom-dep:@a5c-ai/babysitter-sdk | AI (phantom-deps): Same-org SDK likely consumed by extensions/skills at runtime, not direct top-level import. | ai |
Versions (showing 5 of 5)
| Version | Deps | Published |
|---|---|---|
| 5.0.0 | 0 / 0 | |
| 0.1.3 | 1 / 0 | |
| 0.1.2 | 1 / 0 | |
| 0.1.1 | 1 / 0 | |
| 0.1.0 | 1 / 0 |
v5.0.0
5 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/a5c-ai/babysitter-pi/blob/0fb567501e4173ac727dfb174b4d2895e6e12ed9/bin/cli.cjs#L52 50 | cwd: process.cwd(), 51 | stdio: 'inherit', > 52 | env: { ...process.env, ...extraEnv }, 53 | }); 54 | process.exitCode = result.status ?? 1;
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/a5c-ai/babysitter-pi/blob/0fb567501e4173ac727dfb174b4d2895e6e12ed9/bin/install-shared.cjs#L133 131 | spawnSync(process.execPath, [postInstall], { 132 | cwd: pluginRoot, stdio: 'inherit', > 133 | env: { ...process.env, PLUGIN_ROOT: pluginRoot }, 134 | }); 135 | }
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/a5c-ai/babysitter-pi/blob/0fb567501e4173ac727dfb174b4d2895e6e12ed9/bin/install-shared.cjs#L160 158 | timeout: options.timeout || 120000, 159 | cwd: options.cwd || process.cwd(), > 160 | env: { ...process.env, ...options.env }, 161 | }); 162 | return result;
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/a5c-ai/babysitter-pi/blob/0fb567501e4173ac727dfb174b4d2895e6e12ed9/extensions/index.ts#L43 41 | stdio: ["pipe", "pipe", "pipe"], 42 | timeout: 30000, > 43 | env: { 44 | ...process.env, 45 | PI_PLUGIN_ROOT: PLUGIN_ROOT,
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.0
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/a5c-ai/babysitter/blob/44974b226e5ce788fe1d0776273d37656fdf657b/extensions/babysitter/cli-wrapper.ts#L70 68 | timeout, 69 | maxBuffer: 10 * 1024 * 1024, // 10 MiB > 70 | env: { ...process.env, ...options.env }, 71 | }, 72 | (error, stdout, stderr) => {
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.