@infernetprotocol/cli
GPU-node CLI / daemon for the Infernet Protocol — register a GPU server with a Supabase control plane and start earning.
Supply chain provenance
Status for the latest visible version.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:dotenv | AI (phantom-deps): dotenv is declared in dependencies and used via config files; stable false positive. | ai | |
| semgrep | semgrep:silent-process-exec-var | AI (semgrep): Same browser-open pattern; stable false positive for this CLI package. | ai | |
| semgrep | semgrep:env-spread | AI (semgrep): Passing process.env to a daemon subprocess is expected behavior for a GPU daemon CLI. | ai | |
| semgrep | semgrep:silent-process-exec | AI (semgrep): Detached spawn opens a browser URL for OAuth login flow; not a reverse shell or miner. | ai | |
| semgrep | semgrep:base64-decode | AI (semgrep): Base64 decode in nip44.js is part of NIP-44 crypto protocol implementation, not payload hiding. | ai | |
| typosquat | typosquat.levenshtein:joi | AI (typosquat): Scoped package @infernetprotocol/cli is not impersonating joi; Levenshtein match is a false positive. | ai | |
| semgrep | semgrep:shady-links-raw-ip | AI (semgrep): 127.0.0.1 is a localhost default for self-hosted Supabase; not an exfiltration endpoint. | ai | |
Versions (showing 7 of 7)
| Version | Deps | Published |
|---|---|---|
| 0.1.41 | 13 / 0 | |
| 0.1.40 | 13 / 0 | |
| 0.1.39 | 13 / 0 | |
| 0.1.36 | 13 / 0 | |
| 0.1.32 | 13 / 0 | |
| 0.1.31 | 13 / 0 | |
| 0.1.30 | 13 / 0 | |
v0.1.41
6 findings

Silent detached process — runs invisibly in the background (reverse shells, miners)

```js
  46 | process.platform === "win32" ? ["/c", "start", "", url] : [url];
  47 | try {
> 48 |   const child = spawn(opener, args, { stdio: "ignore", detached: true });
  49 |   child.on("error", () => {});
  50 |   child.unref?.();
```

Silent detached process — runs invisibly in the background (reverse shells, miners)

```js
  46 | process.platform === "win32" ? ["/c", "start", "", url] : [url];
  47 | try {
> 48 |   const child = spawn(opener, args, { stdio: "ignore", detached: true });
  49 |   child.on("error", () => {});
  50 |   child.unref?.();
```

Spreading entire process.env into an object — may capture all secrets

```js
  96 | // Create the repo (idempotent — won't fail if it exists)
  97 | await run(hfCli, ["repo", "create", hfRepo, "--type", "model", "-y"], {
> 98 |   env: { ...process.env, HF_TOKEN: token, HUGGINGFACE_TOKEN: token }
  99 | }).catch(() => { /* may already exist */ });
 100 | await run(hfCli, ["upload", hfRepo, dir, ".", "--repo-type", "model"], {
```

Spreading entire process.env into an object — may capture all secrets

```js
  99 | }).catch(() => { /* may already exist */ });
 100 | await run(hfCli, ["upload", hfRepo, dir, ".", "--repo-type", "model"], {
>101 |   env: { ...process.env, HF_TOKEN: token, HUGGINGFACE_TOKEN: token }
 102 | });
 103 | process.stdout.write(`✓ HF: https://huggingface.co/${hfRepo}\n`);
```

Spreading entire process.env into an object — may capture all secrets

```js
  38 |   detached: true,
  39 |   stdio: ['ignore', out, err],
> 40 |   env: { ...process.env, INFERNET_DAEMON_FOREGROUND: '1' }
  41 | }
  42 | );
```
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.40
6 findings

Silent detached process — runs invisibly in the background (reverse shells, miners)

```js
  46 | process.platform === "win32" ? ["/c", "start", "", url] : [url];
  47 | try {
> 48 |   const child = spawn(opener, args, { stdio: "ignore", detached: true });
  49 |   child.on("error", () => {});
  50 |   child.unref?.();
```

Silent detached process — runs invisibly in the background (reverse shells, miners)

```js
  46 | process.platform === "win32" ? ["/c", "start", "", url] : [url];
  47 | try {
> 48 |   const child = spawn(opener, args, { stdio: "ignore", detached: true });
  49 |   child.on("error", () => {});
  50 |   child.unref?.();
```

Spreading entire process.env into an object — may capture all secrets

```js
  96 | // Create the repo (idempotent — won't fail if it exists)
  97 | await run(hfCli, ["repo", "create", hfRepo, "--type", "model", "-y"], {
> 98 |   env: { ...process.env, HF_TOKEN: token, HUGGINGFACE_TOKEN: token }
  99 | }).catch(() => { /* may already exist */ });
 100 | await run(hfCli, ["upload", hfRepo, dir, ".", "--repo-type", "model"], {
```

Spreading entire process.env into an object — may capture all secrets

```js
  99 | }).catch(() => { /* may already exist */ });
 100 | await run(hfCli, ["upload", hfRepo, dir, ".", "--repo-type", "model"], {
>101 |   env: { ...process.env, HF_TOKEN: token, HUGGINGFACE_TOKEN: token }
 102 | });
 103 | process.stdout.write(`✓ HF: https://huggingface.co/${hfRepo}\n`);
```

Spreading entire process.env into an object — may capture all secrets

```js
  38 |   detached: true,
  39 |   stdio: ['ignore', out, err],
> 40 |   env: { ...process.env, INFERNET_DAEMON_FOREGROUND: '1' }
  41 | }
  42 | );
```
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.39
6 findings

Silent detached process — runs invisibly in the background (reverse shells, miners)

```js
  46 | process.platform === "win32" ? ["/c", "start", "", url] : [url];
  47 | try {
> 48 |   const child = spawn(opener, args, { stdio: "ignore", detached: true });
  49 |   child.on("error", () => {});
  50 |   child.unref?.();
```

Silent detached process — runs invisibly in the background (reverse shells, miners)

```js
  46 | process.platform === "win32" ? ["/c", "start", "", url] : [url];
  47 | try {
> 48 |   const child = spawn(opener, args, { stdio: "ignore", detached: true });
  49 |   child.on("error", () => {});
  50 |   child.unref?.();
```

Spreading entire process.env into an object — may capture all secrets

```js
  96 | // Create the repo (idempotent — won't fail if it exists)
  97 | await run(hfCli, ["repo", "create", hfRepo, "--type", "model", "-y"], {
> 98 |   env: { ...process.env, HF_TOKEN: token, HUGGINGFACE_TOKEN: token }
  99 | }).catch(() => { /* may already exist */ });
 100 | await run(hfCli, ["upload", hfRepo, dir, ".", "--repo-type", "model"], {
```

Spreading entire process.env into an object — may capture all secrets

```js
  99 | }).catch(() => { /* may already exist */ });
 100 | await run(hfCli, ["upload", hfRepo, dir, ".", "--repo-type", "model"], {
>101 |   env: { ...process.env, HF_TOKEN: token, HUGGINGFACE_TOKEN: token }
 102 | });
 103 | process.stdout.write(`✓ HF: https://huggingface.co/${hfRepo}\n`);
```

Spreading entire process.env into an object — may capture all secrets

```js
  38 |   detached: true,
  39 |   stdio: ['ignore', out, err],
> 40 |   env: { ...process.env, INFERNET_DAEMON_FOREGROUND: '1' }
  41 | }
  42 | );
```
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.36
6 findings

Silent detached process — runs invisibly in the background (reverse shells, miners)

```js
  46 | process.platform === "win32" ? ["/c", "start", "", url] : [url];
  47 | try {
> 48 |   const child = spawn(opener, args, { stdio: "ignore", detached: true });
  49 |   child.on("error", () => {});
  50 |   child.unref?.();
```

Silent detached process — runs invisibly in the background (reverse shells, miners)

```js
  46 | process.platform === "win32" ? ["/c", "start", "", url] : [url];
  47 | try {
> 48 |   const child = spawn(opener, args, { stdio: "ignore", detached: true });
  49 |   child.on("error", () => {});
  50 |   child.unref?.();
```

Spreading entire process.env into an object — may capture all secrets

```js
  96 | // Create the repo (idempotent — won't fail if it exists)
  97 | await run(hfCli, ["repo", "create", hfRepo, "--type", "model", "-y"], {
> 98 |   env: { ...process.env, HF_TOKEN: token, HUGGINGFACE_TOKEN: token }
  99 | }).catch(() => { /* may already exist */ });
 100 | await run(hfCli, ["upload", hfRepo, dir, ".", "--repo-type", "model"], {
```

Spreading entire process.env into an object — may capture all secrets

```js
  99 | }).catch(() => { /* may already exist */ });
 100 | await run(hfCli, ["upload", hfRepo, dir, ".", "--repo-type", "model"], {
>101 |   env: { ...process.env, HF_TOKEN: token, HUGGINGFACE_TOKEN: token }
 102 | });
 103 | process.stdout.write(`✓ HF: https://huggingface.co/${hfRepo}\n`);
```

Spreading entire process.env into an object — may capture all secrets

```js
  38 |   detached: true,
  39 |   stdio: ['ignore', out, err],
> 40 |   env: { ...process.env, INFERNET_DAEMON_FOREGROUND: '1' }
  41 | }
  42 | );
```
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.32
4 findings

Silent detached process — runs invisibly in the background (reverse shells, miners)

```js
  46 | process.platform === "win32" ? ["/c", "start", "", url] : [url];
  47 | try {
> 48 |   const child = spawn(opener, args, { stdio: "ignore", detached: true });
  49 |   child.on("error", () => {});
  50 |   child.unref?.();
```

Silent detached process — runs invisibly in the background (reverse shells, miners)

```js
  46 | process.platform === "win32" ? ["/c", "start", "", url] : [url];
  47 | try {
> 48 |   const child = spawn(opener, args, { stdio: "ignore", detached: true });
  49 |   child.on("error", () => {});
  50 |   child.unref?.();
```

Spreading entire process.env into an object — may capture all secrets

```js
  38 |   detached: true,
  39 |   stdio: ['ignore', out, err],
> 40 |   env: { ...process.env, INFERNET_DAEMON_FOREGROUND: '1' }
  41 | }
  42 | );
```
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.31
4 findings

Silent detached process — runs invisibly in the background (reverse shells, miners)

```js
  46 | process.platform === "win32" ? ["/c", "start", "", url] : [url];
  47 | try {
> 48 |   const child = spawn(opener, args, { stdio: "ignore", detached: true });
  49 |   child.on("error", () => {});
  50 |   child.unref?.();
```

Silent detached process — runs invisibly in the background (reverse shells, miners)

```js
  46 | process.platform === "win32" ? ["/c", "start", "", url] : [url];
  47 | try {
> 48 |   const child = spawn(opener, args, { stdio: "ignore", detached: true });
  49 |   child.on("error", () => {});
  50 |   child.unref?.();
```

Spreading entire process.env into an object — may capture all secrets

```js
  38 |   detached: true,
  39 |   stdio: ['ignore', out, err],
> 40 |   env: { ...process.env, INFERNET_DAEMON_FOREGROUND: '1' }
  41 | }
  42 | );
```
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.30
4 findings

Silent detached process — runs invisibly in the background (reverse shells, miners)

```js
  46 | process.platform === "win32" ? ["/c", "start", "", url] : [url];
  47 | try {
> 48 |   const child = spawn(opener, args, { stdio: "ignore", detached: true });
  49 |   child.on("error", () => {});
  50 |   child.unref?.();
```

Silent detached process — runs invisibly in the background (reverse shells, miners)

```js
  46 | process.platform === "win32" ? ["/c", "start", "", url] : [url];
  47 | try {
> 48 |   const child = spawn(opener, args, { stdio: "ignore", detached: true });
  49 |   child.on("error", () => {});
  50 |   child.unref?.();
```

Spreading entire process.env into an object — may capture all secrets

```js
  38 |   detached: true,
  39 |   stdio: ['ignore', out, err],
> 40 |   env: { ...process.env, INFERNET_DAEMON_FOREGROUND: '1' }
  41 | }
  42 | );
```
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.