@mariozechner/pi-coding-agent
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/modes/interactive/components/daxnuts.js | AI (source-diff): Hex-encoded 32x32 pixel art Easter egg, not obfuscated code. | ai | |
| source-diff | obfuscated-file:examples/extensions/doom-overlay/doom/build/doom.js | AI (source-diff): Emscripten-compiled WASM JS loader in examples dir; standard build artifact, not hand-obfuscated. | ai | |
| dependencies | unvetted-dep:@mariozechner/clipboard | AI (dependencies): Same-author, same-namespace package (@mariozechner/*) from a publisher with a clean track record. Clipboard utility is a natural dependency for a coding agent CLI. | ai | |
| phantom-deps | phantom-dep:glob | AI (phantom-deps): glob is explicitly declared as a runtime dependency in package.json; the phantom-dep finding is a false positive — it is used by the package even if not directly imported at the top level. | ai | |
| provenance | no-provenance | AI (provenance): Publisher has a clean track record; lack of provenance is common and not a risk signal for this package. | ai | |
| publish-pattern | new-deps-added | AI (publish-pattern): uuid is a ubiquitous, well-vetted package; adding it as a dependency poses no supply-chain risk for this package. | ai | |
| semgrep | semgrep:steganography-image-eval | AI (semgrep): Flagged code reads a Doom WAD game data file (not steganographic image data) and loads it as a JS module. Legitimate example extension for a coding agent tool. | ai | |
| phantom-deps | phantom-dep:marked | AI (phantom-deps): marked is listed as a runtime dependency in package.json; phantom detection appears to be a false positive for this package. | ai | |
| semgrep | semgrep:child-process-import | AI (semgrep): child_process used to invoke PowerShell for Windows toast notifications in notify.ts. Legitimate system notification functionality. | ai | |
| semgrep | semgrep:shady-links-raw-ip | AI (semgrep): IP 127.0.0.1 is localhost used as OAuth redirect URI for CLI OAuth PKCE flow — standard and expected pattern for CLI tools. | ai | |
| semgrep | semgrep:base64-decode | AI (semgrep): Base64 decoding of AI-generated image data written to disk. Standard image generation handling pattern, not a malicious payload. | ai | |
| semgrep | semgrep:new-function-constructor | AI (semgrep): new Function() used to dynamically load a pre-compiled Doom JS bundle in an example extension. Legitimate module loading pattern, not malicious code execution. | ai | |
Versions (showing 51 of 219)
| Version | Deps | Published |
|---|---|---|
| 0.73.1 | 21 / 8 | |
| 0.72.1 | 21 / 8 | |
| 0.72.0 | 21 / 8 | |
| 0.71.1 | 21 / 8 | |
| 0.71.0 | 21 / 8 | |
| 0.70.6 | 21 / 8 | |
| 0.70.5 | 21 / 8 | |
| 0.70.4 | 21 / 8 | |
| 0.70.3 | 21 / 8 | |
| 0.70.2 | 21 / 8 | |
| 0.70.1 | 21 / 8 | |
| 0.70.0 | 21 / 8 | |
| 0.69.0 | 21 / 8 | |
| 0.68.1 | 22 / 8 | |
| 0.68.0 | 22 / 8 | |
| 0.67.68 | 21 / 8 | |
| 0.67.67 | 21 / 8 | |
| 0.67.6 | 21 / 8 | |
| 0.67.5 | 21 / 8 | |
| 0.67.4 | 21 / 8 | |
| 0.67.3 | 21 / 8 | |
| 0.67.2 | 21 / 8 | |
| 0.67.1 | 20 / 8 | |
| 0.67.0 | 20 / 8 | |
| 0.66.1 | 20 / 8 | |
| 0.66.0 | 20 / 8 | |
| 0.65.2 | 20 / 8 | |
| 0.65.1 | 20 / 8 | |
| 0.65.0 | 20 / 8 | |
| 0.64.0 | 20 / 8 | |
| 0.63.2 | 20 / 8 | |
| 0.63.1 | 20 / 8 | |
| 0.63.0 | 20 / 8 | |
| 0.62.0 | 19 / 8 | |
| 0.61.1 | 19 / 8 | |
| 0.61.0 | 19 / 8 | |
| 0.60.0 | 19 / 8 | |
| 0.59.0 | 19 / 8 | |
| 0.58.4 | 19 / 8 | |
| 0.58.3 | 19 / 8 | |
| 0.58.1 | 19 / 8 | |
| 0.58.0 | 19 / 8 | |
| 0.57.1 | 19 / 8 | |
| 0.57.0 | 19 / 8 | |
| 0.56.3 | 19 / 8 | |
| 0.56.2 | 19 / 8 | |
| 0.56.1 | 19 / 8 | |
| 0.56.0 | 19 / 8 | |
| 0.55.4 | 17 / 8 | |
| 0.55.3 | 17 / 8 | |
| 0.55.2 | 17 / 8 | |
v0.73.1
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.72.1
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.72.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.71.1
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.71.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.70.6
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.70.3
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.70.2
2 findings: Data read from image file then executed — steganography attack pattern. Source: https://github.com/badlogic/pi-mono/blob/48aa882b5a51e4478da1b65f98c3401151f22e3f/examples/extensions/doom-overlay/doom-engine.ts#L58

```ts
  56 |
  57 | // Read WAD file
> 58 | const wadData = readFileSync(this.wadPath);
  59 | const wadArray = Array.from(new Uint8Array(wadData));
  60 |
```

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.70.1
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.70.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.69.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.68.1
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.68.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.67.68
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.67.67
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.67.6
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.67.5
2 findings: This version was published by a different npm account than previous versions on 2026-04-16. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.67.4
2 findings: This version was published by a different npm account than previous versions on 2026-04-16. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.67.3
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.67.2
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.67.1
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.67.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.66.1
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.66.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.65.2
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.65.1
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.65.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.64.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.63.2
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.63.1
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.63.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.62.0
3 findings: Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.61.1
3 findings: Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.61.0
3 findings: Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.60.0
3 findings: Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.59.0
3 findings: Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.58.4
3 findings: Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.58.3
3 findings: Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.58.1
3 findings: Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.58.0
3 findings: Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.57.1
3 findings: Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.57.0
3 findings: Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.56.3
3 findings: Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.56.2
3 findings: Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.56.1
3 findings: Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.56.0
3 findings: Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.55.4
3 findings: Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.55.3
3 findings: Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.55.2
3 findings: Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.