← Home

@dreb/coding-agent

npm Repository Homepage

Coding agent CLI with read, bash, edit, write tools and session management

51
Versions
MIT
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

aebrer

Keywords

coding-agentaillmclituiagent

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
semgrep semgrep:steganography-image-eval AI (semgrep): Fires on examples/doom-overlay reading a WAD game file, not a steganography attack. ai
semgrep semgrep:new-function-constructor AI (semgrep): Used in doom-overlay example to load a pre-built Doom JS module; not user-controlled input. ai
semgrep semgrep:base64-decode AI (semgrep): Decodes AI-generated image data in an example extension; legitimate use. ai
semgrep semgrep:shady-links-raw-ip AI (semgrep): 127.0.0.1 localhost OAuth redirect URI in a GitLab Duo example; standard OAuth PKCE pattern. ai
semgrep semgrep:child-process-import AI (semgrep): Used in notify.ts example to send Windows toast notifications via PowerShell; benign. ai
phantom-deps phantom-dep:tree-sitter-c AI (phantom-deps): Tree-sitter grammars loaded dynamically at runtime; not directly imported in source. ai
phantom-deps phantom-dep:tree-sitter-go AI (phantom-deps): Tree-sitter grammars loaded dynamically at runtime; not directly imported in source. ai
phantom-deps phantom-dep:tree-sitter-cpp AI (phantom-deps): Tree-sitter grammars loaded dynamically at runtime; not directly imported in source. ai
phantom-deps phantom-dep:tree-sitter-java AI (phantom-deps): Tree-sitter grammars loaded dynamically at runtime; not directly imported in source. ai
phantom-deps phantom-dep:tree-sitter-rust AI (phantom-deps): Tree-sitter grammars loaded dynamically at runtime; not directly imported in source. ai
phantom-deps phantom-dep:tree-sitter-python AI (phantom-deps): Tree-sitter grammars loaded dynamically at runtime; not directly imported in source. ai
phantom-deps phantom-dep:tree-sitter-javascript AI (phantom-deps): Tree-sitter grammars loaded dynamically at runtime; not directly imported in source. ai
phantom-deps phantom-dep:tree-sitter-typescript AI (phantom-deps): Tree-sitter grammars loaded dynamically at runtime; not directly imported in source. ai
phantom-deps phantom-dep:web-tree-sitter AI (phantom-deps): Loaded dynamically; phantom-dep heuristic false positive for this package. ai
phantom-deps phantom-dep:glob AI (phantom-deps): Used in config/build tooling; phantom-dep heuristic false positive. ai
phantom-deps phantom-dep:@huggingface/transformers AI (phantom-deps): Loaded dynamically for ML inference; phantom-dep heuristic false positive. ai

Versions (showing 51 of 58)

View all versions
Version Deps Published
2.25.3 32 / 8
2.25.2 32 / 8
2.25.1 32 / 8
2.25.0 32 / 8
2.24.0 32 / 8
2.23.0 32 / 8
2.22.1 32 / 8
2.22.0 32 / 8
2.21.1 32 / 8
2.21.0 32 / 8
2.20.0 32 / 8
2.19.3 32 / 8
2.19.2 32 / 8
2.19.1 32 / 8
2.19.0 32 / 8
2.18.0 32 / 8
2.17.0 32 / 8
2.16.0 32 / 8
2.15.2 32 / 8
2.15.1 32 / 8
2.15.0 32 / 8
2.14.1 32 / 8
2.14.0 32 / 8
2.13.0 32 / 8
2.12.1 32 / 8
2.12.0 32 / 8
2.11.1 32 / 8
2.11.0 32 / 8
2.10.0 32 / 8
2.9.0 32 / 8
2.8.0 32 / 8
2.7.0 32 / 8
2.6.3 32 / 8
2.6.2 32 / 8
2.6.1 32 / 8
2.6.0 32 / 8
2.5.2 32 / 8
2.5.1 32 / 8
2.5.0 32 / 8
2.4.5 32 / 8
2.4.4 32 / 8
2.4.3 32 / 8
2.4.2 32 / 8
2.4.1 32 / 8
2.4.0 32 / 8
2.3.0 31 / 8
2.2.0 31 / 8
2.1.0 31 / 8
2.0.7 31 / 8
2.0.6 31 / 8
2.0.5 31 / 8

v2.25.3

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.25.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.25.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.25.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.24.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.23.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.22.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.22.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.21.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.21.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.20.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.19.3

2 findings
HIGH steganography-image-eval: examples/extensions/doom-overlay/doom-engine.ts:58 semgrep

Data read from image file then executed — steganography attack pattern Source: https://github.com/aebrer/dreb/blob/bf6a97c95d8c983e3d401ac0ab7595c402a4c613/examples/extensions/doom-overlay/doom-engine.ts#L58 56 | 57 | // Read WAD file > 58 | const wadData = readFileSync(this.wadPath); 59 | const wadArray = Array.from(new Uint8Array(wadData)); 60 |

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.19.2

2 findings
HIGH steganography-image-eval: examples/extensions/doom-overlay/doom-engine.ts:58 semgrep

Data read from image file then executed — steganography attack pattern Source: https://github.com/aebrer/dreb/blob/5846a196e86363d3e91f488002022500789f2afe/examples/extensions/doom-overlay/doom-engine.ts#L58 56 | 57 | // Read WAD file > 58 | const wadData = readFileSync(this.wadPath); 59 | const wadArray = Array.from(new Uint8Array(wadData)); 60 |

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.19.1

2 findings
HIGH steganography-image-eval: examples/extensions/doom-overlay/doom-engine.ts:58 semgrep

Data read from image file then executed — steganography attack pattern Source: https://github.com/aebrer/dreb/blob/1b9e7390a3296891d9beafd21947b67ccca6b4ff/examples/extensions/doom-overlay/doom-engine.ts#L58 56 | 57 | // Read WAD file > 58 | const wadData = readFileSync(this.wadPath); 59 | const wadArray = Array.from(new Uint8Array(wadData)); 60 |

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.19.0

2 findings
HIGH steganography-image-eval: examples/extensions/doom-overlay/doom-engine.ts:58 semgrep

Data read from image file then executed — steganography attack pattern Source: https://github.com/aebrer/dreb/blob/b0c18685c5667fe3fc47e35f5641dce1feff9b3f/examples/extensions/doom-overlay/doom-engine.ts#L58 56 | 57 | // Read WAD file > 58 | const wadData = readFileSync(this.wadPath); 59 | const wadArray = Array.from(new Uint8Array(wadData)); 60 |

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.18.0

2 findings
HIGH steganography-image-eval: examples/extensions/doom-overlay/doom-engine.ts:58 semgrep

Data read from image file then executed — steganography attack pattern Source: https://github.com/aebrer/dreb/blob/73b54e99953fcf7e5f95fd9124d02e982fb37fcf/examples/extensions/doom-overlay/doom-engine.ts#L58 56 | 57 | // Read WAD file > 58 | const wadData = readFileSync(this.wadPath); 59 | const wadArray = Array.from(new Uint8Array(wadData)); 60 |

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.17.0

2 findings
HIGH steganography-image-eval: examples/extensions/doom-overlay/doom-engine.ts:58 semgrep

Data read from image file then executed — steganography attack pattern Source: https://github.com/aebrer/dreb/blob/e1cb17826c46448cb93719880a73547903a2c41f/examples/extensions/doom-overlay/doom-engine.ts#L58 56 | 57 | // Read WAD file > 58 | const wadData = readFileSync(this.wadPath); 59 | const wadArray = Array.from(new Uint8Array(wadData)); 60 |

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.16.0

2 findings
HIGH steganography-image-eval: examples/extensions/doom-overlay/doom-engine.ts:58 semgrep

Data read from image file then executed — steganography attack pattern Source: https://github.com/aebrer/dreb/blob/27d24b48a5a89fddfc1b4a5da7847ca9a715d466/examples/extensions/doom-overlay/doom-engine.ts#L58 56 | 57 | // Read WAD file > 58 | const wadData = readFileSync(this.wadPath); 59 | const wadArray = Array.from(new Uint8Array(wadData)); 60 |

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.15.2

2 findings
HIGH steganography-image-eval: examples/extensions/doom-overlay/doom-engine.ts:58 semgrep

Data read from image file then executed — steganography attack pattern Source: https://github.com/aebrer/dreb/blob/6f725a23b1adf2075d55500eb4c4874e36d3e1cd/examples/extensions/doom-overlay/doom-engine.ts#L58 56 | 57 | // Read WAD file > 58 | const wadData = readFileSync(this.wadPath); 59 | const wadArray = Array.from(new Uint8Array(wadData)); 60 |

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.15.1

2 findings
HIGH steganography-image-eval: examples/extensions/doom-overlay/doom-engine.ts:58 semgrep

Data read from image file then executed — steganography attack pattern Source: https://github.com/aebrer/dreb/blob/c7608a9e0d5ab3783d1c30351358bdd3f6b38bc8/examples/extensions/doom-overlay/doom-engine.ts#L58 56 | 57 | // Read WAD file > 58 | const wadData = readFileSync(this.wadPath); 59 | const wadArray = Array.from(new Uint8Array(wadData)); 60 |

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.15.0

2 findings
HIGH steganography-image-eval: examples/extensions/doom-overlay/doom-engine.ts:58 semgrep

Data read from image file then executed — steganography attack pattern Source: https://github.com/aebrer/dreb/blob/04bd8ce1246c00c25f5e130c56a91635495908a6/examples/extensions/doom-overlay/doom-engine.ts#L58 56 | 57 | // Read WAD file > 58 | const wadData = readFileSync(this.wadPath); 59 | const wadArray = Array.from(new Uint8Array(wadData)); 60 |

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.14.1

2 findings
HIGH steganography-image-eval: examples/extensions/doom-overlay/doom-engine.ts:58 semgrep

Data read from image file then executed — steganography attack pattern Source: https://github.com/aebrer/dreb/blob/8df67313a79061b50c56c822780ee33b76be2e38/examples/extensions/doom-overlay/doom-engine.ts#L58 56 | 57 | // Read WAD file > 58 | const wadData = readFileSync(this.wadPath); 59 | const wadArray = Array.from(new Uint8Array(wadData)); 60 |

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.14.0

2 findings
HIGH steganography-image-eval: examples/extensions/doom-overlay/doom-engine.ts:58 semgrep

Data read from image file then executed — steganography attack pattern Source: https://github.com/aebrer/dreb/blob/6aa675a36a9e84d354ae66c4b8d2360313d2df60/examples/extensions/doom-overlay/doom-engine.ts#L58 56 | 57 | // Read WAD file > 58 | const wadData = readFileSync(this.wadPath); 59 | const wadArray = Array.from(new Uint8Array(wadData)); 60 |

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.13.0

2 findings
HIGH steganography-image-eval: examples/extensions/doom-overlay/doom-engine.ts:58 semgrep

Data read from image file then executed — steganography attack pattern Source: https://github.com/aebrer/dreb/blob/32ed404c502981d580e2b6f408a5ffcad8cabfc5/examples/extensions/doom-overlay/doom-engine.ts#L58 56 | 57 | // Read WAD file > 58 | const wadData = readFileSync(this.wadPath); 59 | const wadArray = Array.from(new Uint8Array(wadData)); 60 |

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.12.1

2 findings
HIGH steganography-image-eval: examples/extensions/doom-overlay/doom-engine.ts:58 semgrep

Data read from image file then executed — steganography attack pattern Source: https://github.com/aebrer/dreb/blob/bf2326a03e1eb3a5b8dcb4297badcd50ca832d67/examples/extensions/doom-overlay/doom-engine.ts#L58 56 | 57 | // Read WAD file > 58 | const wadData = readFileSync(this.wadPath); 59 | const wadArray = Array.from(new Uint8Array(wadData)); 60 |

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.12.0

2 findings
HIGH steganography-image-eval: examples/extensions/doom-overlay/doom-engine.ts:58 semgrep

Data read from image file then executed — steganography attack pattern Source: https://github.com/aebrer/dreb/blob/e7bac7f30799392b4cd33ab08fa32e7e797e5b8b/examples/extensions/doom-overlay/doom-engine.ts#L58 56 | 57 | // Read WAD file > 58 | const wadData = readFileSync(this.wadPath); 59 | const wadArray = Array.from(new Uint8Array(wadData)); 60 |

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.11.1

2 findings
HIGH steganography-image-eval: examples/extensions/doom-overlay/doom-engine.ts:58 semgrep

Data read from image file then executed — steganography attack pattern Source: https://github.com/aebrer/dreb/blob/6acab363726315cb7997bb8f9b08d8fa4291f1cc/examples/extensions/doom-overlay/doom-engine.ts#L58 56 | 57 | // Read WAD file > 58 | const wadData = readFileSync(this.wadPath); 59 | const wadArray = Array.from(new Uint8Array(wadData)); 60 |

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.11.0

2 findings
HIGH steganography-image-eval: examples/extensions/doom-overlay/doom-engine.ts:58 semgrep

Data read from image file then executed — steganography attack pattern Source: https://github.com/aebrer/dreb/blob/dc7335ddc8fb9fad4fd57a30ff005a444f181d2d/examples/extensions/doom-overlay/doom-engine.ts#L58 56 | 57 | // Read WAD file > 58 | const wadData = readFileSync(this.wadPath); 59 | const wadArray = Array.from(new Uint8Array(wadData)); 60 |

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.10.0

2 findings
HIGH steganography-image-eval: examples/extensions/doom-overlay/doom-engine.ts:58 semgrep

Data read from image file then executed — steganography attack pattern Source: https://github.com/aebrer/dreb/blob/d08279d9d303eb279810cda59edc5fe01764fef9/examples/extensions/doom-overlay/doom-engine.ts#L58 56 | 57 | // Read WAD file > 58 | const wadData = readFileSync(this.wadPath); 59 | const wadArray = Array.from(new Uint8Array(wadData)); 60 |

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.9.0

2 findings
HIGH steganography-image-eval: examples/extensions/doom-overlay/doom-engine.ts:58 semgrep

Data read from image file then executed — steganography attack pattern Source: https://github.com/aebrer/dreb/blob/05fd75747667eae79630a5a213310b4af29d6f12/examples/extensions/doom-overlay/doom-engine.ts#L58 56 | 57 | // Read WAD file > 58 | const wadData = readFileSync(this.wadPath); 59 | const wadArray = Array.from(new Uint8Array(wadData)); 60 |

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.8.0

2 findings
HIGH steganography-image-eval: examples/extensions/doom-overlay/doom-engine.ts:58 semgrep

Data read from image file then executed — steganography attack pattern Source: https://github.com/aebrer/dreb/blob/d7b87c3336756fdbec8beee58526311fb05152e9/examples/extensions/doom-overlay/doom-engine.ts#L58 56 | 57 | // Read WAD file > 58 | const wadData = readFileSync(this.wadPath); 59 | const wadArray = Array.from(new Uint8Array(wadData)); 60 |

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.7.0

2 findings
HIGH steganography-image-eval: examples/extensions/doom-overlay/doom-engine.ts:58 semgrep

Data read from image file then executed — steganography attack pattern Source: https://github.com/aebrer/dreb/blob/63593b21535bc9c5c126c66fe6f0ae93277cac6d/examples/extensions/doom-overlay/doom-engine.ts#L58 56 | 57 | // Read WAD file > 58 | const wadData = readFileSync(this.wadPath); 59 | const wadArray = Array.from(new Uint8Array(wadData)); 60 |

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.6.3

2 findings
HIGH steganography-image-eval: examples/extensions/doom-overlay/doom-engine.ts:58 semgrep

Data read from image file then executed — steganography attack pattern Source: https://github.com/aebrer/dreb/blob/ff7be6e7553690f0c37db6789c3e0383dac42105/examples/extensions/doom-overlay/doom-engine.ts#L58 56 | 57 | // Read WAD file > 58 | const wadData = readFileSync(this.wadPath); 59 | const wadArray = Array.from(new Uint8Array(wadData)); 60 |

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.6.2

2 findings
HIGH steganography-image-eval: examples/extensions/doom-overlay/doom-engine.ts:58 semgrep

Data read from image file then executed — steganography attack pattern Source: https://github.com/aebrer/dreb/blob/fdf8ac297f688acb94a868902949b8bab7e3084d/examples/extensions/doom-overlay/doom-engine.ts#L58 56 | 57 | // Read WAD file > 58 | const wadData = readFileSync(this.wadPath); 59 | const wadArray = Array.from(new Uint8Array(wadData)); 60 |

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.6.1

2 findings
HIGH steganography-image-eval: examples/extensions/doom-overlay/doom-engine.ts:58 semgrep

Data read from image file then executed — steganography attack pattern Source: https://github.com/aebrer/dreb/blob/4409e23652693aa304e8f3752a27f8247f7a0413/examples/extensions/doom-overlay/doom-engine.ts#L58 56 | 57 | // Read WAD file > 58 | const wadData = readFileSync(this.wadPath); 59 | const wadArray = Array.from(new Uint8Array(wadData)); 60 |

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.6.0

2 findings
HIGH steganography-image-eval: examples/extensions/doom-overlay/doom-engine.ts:58 semgrep

Data read from image file then executed — steganography attack pattern Source: https://github.com/aebrer/dreb/blob/b7fc9ecf4186ed93cac61d9f7c39f887ee76f04a/examples/extensions/doom-overlay/doom-engine.ts#L58 56 | 57 | // Read WAD file > 58 | const wadData = readFileSync(this.wadPath); 59 | const wadArray = Array.from(new Uint8Array(wadData)); 60 |

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.5.2

2 findings
HIGH steganography-image-eval: examples/extensions/doom-overlay/doom-engine.ts:58 semgrep

Data read from image file then executed — steganography attack pattern Source: https://github.com/aebrer/dreb/blob/af99362f7cdbce0301d81d86c03f0f0d736e3fc4/examples/extensions/doom-overlay/doom-engine.ts#L58 56 | 57 | // Read WAD file > 58 | const wadData = readFileSync(this.wadPath); 59 | const wadArray = Array.from(new Uint8Array(wadData)); 60 |

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.5.1

2 findings
HIGH steganography-image-eval: examples/extensions/doom-overlay/doom-engine.ts:58 semgrep

Data read from image file then executed — steganography attack pattern Source: https://github.com/aebrer/dreb/blob/283ffe546225af21b508c0df44f91ca89a4f33e0/examples/extensions/doom-overlay/doom-engine.ts#L58 56 | 57 | // Read WAD file > 58 | const wadData = readFileSync(this.wadPath); 59 | const wadArray = Array.from(new Uint8Array(wadData)); 60 |

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.5.0

2 findings
HIGH steganography-image-eval: examples/extensions/doom-overlay/doom-engine.ts:58 semgrep

Data read from image file then executed — steganography attack pattern Source: https://github.com/aebrer/dreb/blob/c21667b7c7a23619074ddaf82b3590e8d9c7c493/examples/extensions/doom-overlay/doom-engine.ts#L58 56 | 57 | // Read WAD file > 58 | const wadData = readFileSync(this.wadPath); 59 | const wadArray = Array.from(new Uint8Array(wadData)); 60 |

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.4.5

2 findings
HIGH steganography-image-eval: examples/extensions/doom-overlay/doom-engine.ts:58 semgrep

Data read from image file then executed — steganography attack pattern Source: https://github.com/aebrer/dreb/blob/d9c1f5160302eb9d09deae96c02611f5a99f64c2/examples/extensions/doom-overlay/doom-engine.ts#L58 56 | 57 | // Read WAD file > 58 | const wadData = readFileSync(this.wadPath); 59 | const wadArray = Array.from(new Uint8Array(wadData)); 60 |

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.4.4

2 findings
HIGH steganography-image-eval: examples/extensions/doom-overlay/doom-engine.ts:58 semgrep

Data read from image file then executed — steganography attack pattern Source: https://github.com/aebrer/dreb/blob/0ae3f7720cc36dce4242240f9e09565cada74e6e/examples/extensions/doom-overlay/doom-engine.ts#L58 56 | 57 | // Read WAD file > 58 | const wadData = readFileSync(this.wadPath); 59 | const wadArray = Array.from(new Uint8Array(wadData)); 60 |

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.4.3

2 findings
HIGH steganography-image-eval: examples/extensions/doom-overlay/doom-engine.ts:58 semgrep

Data read from image file then executed — steganography attack pattern Source: https://github.com/aebrer/dreb/blob/99c196e73c53e670c3ce635bf845e988e80f21d8/examples/extensions/doom-overlay/doom-engine.ts#L58 56 | 57 | // Read WAD file > 58 | const wadData = readFileSync(this.wadPath); 59 | const wadArray = Array.from(new Uint8Array(wadData)); 60 |

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.4.2

2 findings
HIGH steganography-image-eval: examples/extensions/doom-overlay/doom-engine.ts:58 semgrep

Data read from image file then executed — steganography attack pattern Source: https://github.com/aebrer/dreb/blob/5a527424ba1f4f6eb675ea401c595330f4939a32/examples/extensions/doom-overlay/doom-engine.ts#L58 56 | 57 | // Read WAD file > 58 | const wadData = readFileSync(this.wadPath); 59 | const wadArray = Array.from(new Uint8Array(wadData)); 60 |

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.4.1

2 findings
HIGH steganography-image-eval: examples/extensions/doom-overlay/doom-engine.ts:58 semgrep

Data read from image file then executed — steganography attack pattern Source: https://github.com/aebrer/dreb/blob/70d25cb5303709d3f07683129b8bd5e01e926b07/examples/extensions/doom-overlay/doom-engine.ts#L58 56 | 57 | // Read WAD file > 58 | const wadData = readFileSync(this.wadPath); 59 | const wadArray = Array.from(new Uint8Array(wadData)); 60 |

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.4.0

2 findings
HIGH steganography-image-eval: examples/extensions/doom-overlay/doom-engine.ts:58 semgrep

Data read from image file then executed — steganography attack pattern Source: https://github.com/aebrer/dreb/blob/afe9188d25568ea740bd7ef9db69d9e2896f879b/examples/extensions/doom-overlay/doom-engine.ts#L58 56 | 57 | // Read WAD file > 58 | const wadData = readFileSync(this.wadPath); 59 | const wadArray = Array.from(new Uint8Array(wadData)); 60 |

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.3.0

2 findings
HIGH steganography-image-eval: examples/extensions/doom-overlay/doom-engine.ts:58 semgrep

Data read from image file then executed — steganography attack pattern Source: https://github.com/aebrer/dreb/blob/51da164fc8b7be547f8603385cd9640774dfbba8/examples/extensions/doom-overlay/doom-engine.ts#L58 56 | 57 | // Read WAD file > 58 | const wadData = readFileSync(this.wadPath); 59 | const wadArray = Array.from(new Uint8Array(wadData)); 60 |

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.2.0

2 findings
HIGH steganography-image-eval: examples/extensions/doom-overlay/doom-engine.ts:58 semgrep

Data read from image file then executed — steganography attack pattern Source: https://github.com/aebrer/dreb/blob/87bf89f51f6f48339deb150fc9bb2d7db233b3f2/examples/extensions/doom-overlay/doom-engine.ts#L58 56 | 57 | // Read WAD file > 58 | const wadData = readFileSync(this.wadPath); 59 | const wadArray = Array.from(new Uint8Array(wadData)); 60 |

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.1.0

2 findings
HIGH steganography-image-eval: examples/extensions/doom-overlay/doom-engine.ts:58 semgrep

Data read from image file then executed — steganography attack pattern Source: https://github.com/aebrer/dreb/blob/4496bc30b0ae135c629ffd3be1035c52159e0a72/examples/extensions/doom-overlay/doom-engine.ts#L58 56 | 57 | // Read WAD file > 58 | const wadData = readFileSync(this.wadPath); 59 | const wadArray = Array.from(new Uint8Array(wadData)); 60 |

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.7

2 findings
HIGH steganography-image-eval: examples/extensions/doom-overlay/doom-engine.ts:58 semgrep

Data read from image file then executed — steganography attack pattern Source: https://github.com/aebrer/dreb/blob/65549147e2b43e8d6df0cc12cc15e558b12ba53a/examples/extensions/doom-overlay/doom-engine.ts#L58 56 | 57 | // Read WAD file > 58 | const wadData = readFileSync(this.wadPath); 59 | const wadArray = Array.from(new Uint8Array(wadData)); 60 |

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.6

2 findings
HIGH steganography-image-eval: examples/extensions/doom-overlay/doom-engine.ts:58 semgrep

Data read from image file then executed — steganography attack pattern Source: https://github.com/aebrer/dreb/blob/358f779467ed1d9ff30c0c170df3a339a4e555b7/examples/extensions/doom-overlay/doom-engine.ts#L58 56 | 57 | // Read WAD file > 58 | const wadData = readFileSync(this.wadPath); 59 | const wadArray = Array.from(new Uint8Array(wadData)); 60 |

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.5

2 findings
HIGH steganography-image-eval: examples/extensions/doom-overlay/doom-engine.ts:58 semgrep

Data read from image file then executed — steganography attack pattern Source: https://github.com/aebrer/dreb/blob/fa5bc67916fded9670685a3090fa656c14afbc1d/examples/extensions/doom-overlay/doom-engine.ts#L58 56 | 57 | // Read WAD file > 58 | const wadData = readFileSync(this.wadPath); 59 | const wadArray = Array.from(new Uint8Array(wadData)); 60 |

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.