@flyingrobots/graft
Context governor and between-commit activity surface for coding agents
Supply chain provenance
Status for the latest visible version.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:env-spread | AI (semgrep): env spread used to forward process.env to a child process — standard pattern, not exfiltration. | ai | |
| semgrep | semgrep:api-obfuscation-reflect | AI (semgrep): Reflect.get inside a Proxy get trap is idiomatic JS; not obfuscation. | ai | |
| phantom-deps | phantom-dep:tree-sitter-wasms | AI (phantom-deps): Platform-specific binary package; declared as runtime dep but consumed indirectly — stable false positive. | ai | |
Versions (showing 9 of 9)
| Version | Deps | Published |
|---|---|---|
| 0.8.0 | 10 / 10 | |
| 0.7.1 | 9 / 10 | |
| 0.7.0 | 10 / 9 | |
| 0.6.1 | 10 / 9 | |
| 0.6.0 | 10 / 9 | |
| 0.5.0 | 8 / 9 | |
| 0.4.0 | 8 / 8 | |
| 0.3.5 | 6 / 8 | |
| 0.3.1 | 6 / 8 | |
v0.8.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.1
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.0
3 findings:

Spreading entire process.env into an object — may capture all secrets. Source: https://github.com/flyingrobots/graft/blob/3e01d8964d6f432f842578a596cc834b03be87c0/bin/graft.js#L29

```
  27 | execFileSync(process.execPath, ["--import", tsxPath, script, ...process.argv.slice(2)], {
  28 |   stdio: "inherit",
> 29 |   env: { ...process.env, __GRAFT_TSX_LOADED: "1" },
  30 | });
  31 | } catch (err) {
```

Spreading entire process.env into an object — may capture all secrets. Source: https://github.com/flyingrobots/graft/blob/3e01d8964d6f432f842578a596cc834b03be87c0/src/mcp/daemon-stdio-bridge.ts#L104

```
  102 |     stdio: ["ignore", "ignore", "ignore"],
  103 |     windowsHide: true,
> 104 |     env: { ...process.env },
  105 |   },
  106 | );
```

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.1
3 findings:

Spreading entire process.env into an object — may capture all secrets. Source: https://github.com/flyingrobots/graft/blob/78b5350a1a7aa0822f9164025e64ed51a550673e/bin/graft.js#L29

```
  27 | execFileSync(process.execPath, ["--import", tsxPath, script, ...process.argv.slice(2)], {
  28 |   stdio: "inherit",
> 29 |   env: { ...process.env, __GRAFT_TSX_LOADED: "1" },
  30 | });
  31 | } catch (err) {
```

Spreading entire process.env into an object — may capture all secrets. Source: https://github.com/flyingrobots/graft/blob/78b5350a1a7aa0822f9164025e64ed51a550673e/src/mcp/daemon-stdio-bridge.ts#L104

```
  102 |     stdio: ["ignore", "ignore", "ignore"],
  103 |     windowsHide: true,
> 104 |     env: { ...process.env },
  105 |   },
  106 | );
```

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.0
3 findings:

Spreading entire process.env into an object — may capture all secrets. Source: https://github.com/flyingrobots/graft/blob/ae2dc7b675f6dca372a82dba5554e3925e9429ea/bin/graft.js#L29

```
  27 | execFileSync(process.execPath, ["--import", tsxPath, script, ...process.argv.slice(2)], {
  28 |   stdio: "inherit",
> 29 |   env: { ...process.env, __GRAFT_TSX_LOADED: "1" },
  30 | });
  31 | } catch (err) {
```

Spreading entire process.env into an object — may capture all secrets. Source: https://github.com/flyingrobots/graft/blob/ae2dc7b675f6dca372a82dba5554e3925e9429ea/src/mcp/daemon-stdio-bridge.ts#L104

```
  102 |     stdio: ["ignore", "ignore", "ignore"],
  103 |     windowsHide: true,
> 104 |     env: { ...process.env },
  105 |   },
  106 | );
```

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.0
2 findings:

Spreading entire process.env into an object — may capture all secrets. Source: https://github.com/flyingrobots/graft/blob/e61f4dfdd1dfc69e90a080c657962d41ed388957/bin/graft.js#L27

```
  25 | execFileSync(process.execPath, ["--import", tsxPath, script, ...process.argv.slice(2)], {
  26 |   stdio: "inherit",
> 27 |   env: { ...process.env, __GRAFT_TSX_LOADED: "1" },
  28 | });
  29 | } catch (err) {
```

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.0
2 findings:

Spreading entire process.env into an object — may capture all secrets. Source: https://github.com/flyingrobots/graft/blob/85f8b6cdfba13196373ebdb029ba71067c61f3f9/bin/graft.js#L37

```
  35 | execFileSync(process.execPath, ["--import", tsxPath, script, ...process.argv.slice(2)], {
  36 |   stdio: "inherit",
> 37 |   env: { ...process.env, __GRAFT_TSX_LOADED: "1" },
  38 | });
  39 | } catch (err) {
```

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.5
2 findings:

Spreading entire process.env into an object — may capture all secrets. Source: https://github.com/flyingrobots/graft/blob/29469df8e64b7bfdc66f0f7132014328c3dd3681/bin/graft.js#L34

```
  32 | execFileSync(process.execPath, ["--import", tsxPath, script, ...process.argv.slice(2)], {
  33 |   stdio: "inherit",
> 34 |   env: { ...process.env, __GRAFT_TSX_LOADED: "1" },
  35 | });
  36 | } catch (err) {
```

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.1
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.