@directive-run/ai
AI guardrails and orchestration for Directive. Prompt injection, PII detection, cost tracking, multi-agent patterns.
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/multi-agent-orchestrator-KFGTEGE5.cjs | AI (source-diff): Standard tsup-generated minified bundle; export names are readable and match package API. Not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/multi-agent-orchestrator-SH5TRRS3.cjs | AI (source-diff): Standard tsup/rollup bundle with re-exports; source maps included. Not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/multi-agent-orchestrator-QWJNM4EZ.cjs | AI (source-diff): Standard tsup/rollup CJS bundle with long re-export lines; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/types-CRmwFnVk.d.cts | AI (source-diff): TypeScript declaration file with readable interfaces; long lines from concatenated type definitions. | ai | |
| source-diff | obfuscated-file:dist/types-CRmwFnVk.d.ts | AI (source-diff): Same as .d.cts — readable TS declarations, not obfuscated code. | ai | |
| typosquat | typosquat.levenshtein:hapi | AI (typosquat): Scoped package @directive-run/ai; Levenshtein match to 'hapi' is a heuristic false positive. | ai | |
| typosquat | typosquat.levenshtein:qs | AI (typosquat): Scoped package @directive-run/ai; Levenshtein match to 'qs' is a heuristic false positive. | ai | |
| typosquat | typosquat.levenshtein:pg | AI (typosquat): Scoped package @directive-run/ai; Levenshtein match to 'pg' is a heuristic false positive. | ai | |
| typosquat | typosquat.levenshtein:joi | AI (typosquat): Scoped package @directive-run/ai; Levenshtein match to 'joi' is a heuristic false positive. | ai | |
| typosquat | typosquat.levenshtein:ajv | AI (typosquat): Scoped package @directive-run/ai; Levenshtein match to 'ajv' is a heuristic false positive. | ai |
Versions (showing 22 of 22)
| Version | Deps | Published |
|---|---|---|
| 1.13.0 | 0 / 4 | |
| 1.12.0 | 0 / 4 | |
| 1.11.0 | 0 / 4 | |
| 1.10.0 | 0 / 4 | |
| 1.9.0 | 0 / 4 | |
| 1.8.0 | 0 / 4 | |
| 1.7.0 | 0 / 4 | |
| 1.6.1 | 0 / 4 | |
| 1.6.0 | 0 / 4 | |
| 1.5.0 | 0 / 4 | |
| 1.4.0 | 0 / 4 | |
| 1.3.0 | 0 / 4 | |
| 1.1.2 | 0 / 4 | |
| 1.1.1 | 0 / 4 | |
| 1.1.0 | 0 / 4 | |
| 1.0.1 | 0 / 4 | |
| 1.0.0 | 0 / 4 | |
| 0.8.9 | 0 / 4 | |
| 0.8.8 | 0 / 4 | |
| 0.8.7 | 0 / 4 | |
| 0.2.0 | 0 / 4 | |
| 0.1.1 | 0 / 4 |
v1.13.0
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.12.0
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.11.0
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.0
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.0
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.0
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.7.0
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.1
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.0
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.5.0
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.1
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1.0
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.1
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.0
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.9
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.8
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.7
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.