@namzu/sdk
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:etc-passwd-access | AI (semgrep): Appears only in test fixtures simulating file-path tool inputs; not production credential harvesting. | ai | |
| semgrep | semgrep:env-spread | AI (semgrep): Standard pattern for spawning child processes with merged env in an MCP stdio connector; not exfiltration. | ai | |
| semgrep | semgrep:base64-decode | AI (semgrep): Used in test to verify PNG magic bytes in base64 output; no payload hiding. | ai |
Versions (showing 18 of 18)
| Version | Deps | Published |
|---|---|---|
| 0.6.0 | 0 / 10 | |
| 0.5.0 | 0 / 10 | |
| 0.4.5 | 0 / 10 | |
| 0.4.4 | 0 / 10 | |
| 0.4.3 | 0 / 10 | |
| 0.4.2 | 0 / 8 | |
| 0.4.1 | 0 / 8 | |
| 0.4.0 | 0 / 8 | |
| 0.3.0 | 10 / 5 | |
| 0.2.0 | 10 / 4 | |
| 0.1.8 | 10 / 4 | |
| 0.1.7 | 10 / 4 | |
| 0.1.6 | 11 / 4 | |
| 0.1.5 | 11 / 4 | |
| 0.1.4 | 11 / 4 | |
| 0.1.3 | 11 / 4 | |
| 0.1.2 | 11 / 4 | |
| 0.1.1 | 11 / 3 |
v0.6.0
6 findingsAccessing /etc/passwd or /etc/shadow — credential harvesting on Linux 527 | runId: RID, 528 | toolUseId: TUID, > 529 | input: { file_path: '/etc/passwd' }, 530 | }, 531 | RID,
Accessing /etc/passwd or /etc/shadow — credential harvesting on Linux 534 | expect(r?.data).toMatchObject({ 535 | tool_use_id: TUID, > 536 | input: { file_path: '/etc/passwd' }, 537 | }) 538 | })
Spreading entire process.env into an object — may capture all secrets 24 | 25 | this.process = spawn(this.config.command, this.config.args ?? [], { > 26 | env: { ...process.env, ...this.config.env }, 27 | cwd: this.config.cwd, 28 | stdio: ['pipe', 'pipe', 'pipe'],
Spreading entire process.env into an object — may capture all secrets 101 | 102 | const cwd = options?.cwd ? resolve(this.cwd, options.cwd) : this.cwd > 103 | const env = { ...process.env, ...this.envVars, ...options?.env } 104 | const timeoutMs = options?.timeoutMs ?? 30_000 105 | const shell = options?.shell ?? this.shell ?? true
Spreading entire process.env into an object — may capture all secrets 74 | cwd: context.workingDirectory, 75 | timeout: input.timeout, > 76 | env: { ...process.env, ...context.env }, 77 | maxBuffer: 1024 * 1024 * 10, 78 | })
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.0
6 findingsAccessing /etc/passwd or /etc/shadow — credential harvesting on Linux 527 | runId: RID, 528 | toolUseId: TUID, > 529 | input: { file_path: '/etc/passwd' }, 530 | }, 531 | RID,
Accessing /etc/passwd or /etc/shadow — credential harvesting on Linux 534 | expect(r?.data).toMatchObject({ 535 | tool_use_id: TUID, > 536 | input: { file_path: '/etc/passwd' }, 537 | }) 538 | })
Spreading entire process.env into an object — may capture all secrets 24 | 25 | this.process = spawn(this.config.command, this.config.args ?? [], { > 26 | env: { ...process.env, ...this.config.env }, 27 | cwd: this.config.cwd, 28 | stdio: ['pipe', 'pipe', 'pipe'],
Spreading entire process.env into an object — may capture all secrets 101 | 102 | const cwd = options?.cwd ? resolve(this.cwd, options.cwd) : this.cwd > 103 | const env = { ...process.env, ...this.envVars, ...options?.env } 104 | const timeoutMs = options?.timeoutMs ?? 30_000 105 | const shell = options?.shell ?? this.shell ?? true
Spreading entire process.env into an object — may capture all secrets 74 | cwd: context.workingDirectory, 75 | timeout: input.timeout, > 76 | env: { ...process.env, ...context.env }, 77 | maxBuffer: 1024 * 1024 * 10, 78 | })
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.5
4 findingsSpreading entire process.env into an object — may capture all secrets 24 | 25 | this.process = spawn(this.config.command, this.config.args ?? [], { > 26 | env: { ...process.env, ...this.config.env }, 27 | cwd: this.config.cwd, 28 | stdio: ['pipe', 'pipe', 'pipe'],
Spreading entire process.env into an object — may capture all secrets 101 | 102 | const cwd = options?.cwd ? resolve(this.cwd, options.cwd) : this.cwd > 103 | const env = { ...process.env, ...this.envVars, ...options?.env } 104 | const timeoutMs = options?.timeoutMs ?? 30_000 105 | const shell = options?.shell ?? this.shell ?? true
Spreading entire process.env into an object — may capture all secrets 74 | cwd: context.workingDirectory, 75 | timeout: input.timeout, > 76 | env: { ...process.env, ...context.env }, 77 | maxBuffer: 1024 * 1024 * 10, 78 | })
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.4
4 findingsSpreading entire process.env into an object — may capture all secrets 24 | 25 | this.process = spawn(this.config.command, this.config.args ?? [], { > 26 | env: { ...process.env, ...this.config.env }, 27 | cwd: this.config.cwd, 28 | stdio: ['pipe', 'pipe', 'pipe'],
Spreading entire process.env into an object — may capture all secrets 101 | 102 | const cwd = options?.cwd ? resolve(this.cwd, options.cwd) : this.cwd > 103 | const env = { ...process.env, ...this.envVars, ...options?.env } 104 | const timeoutMs = options?.timeoutMs ?? 30_000 105 | const shell = options?.shell ?? this.shell ?? true
Spreading entire process.env into an object — may capture all secrets 74 | cwd: context.workingDirectory, 75 | timeout: input.timeout, > 76 | env: { ...process.env, ...context.env }, 77 | maxBuffer: 1024 * 1024 * 10, 78 | })
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.3
4 findingsSpreading entire process.env into an object — may capture all secrets 24 | 25 | this.process = spawn(this.config.command, this.config.args ?? [], { > 26 | env: { ...process.env, ...this.config.env }, 27 | cwd: this.config.cwd, 28 | stdio: ['pipe', 'pipe', 'pipe'],
Spreading entire process.env into an object — may capture all secrets 101 | 102 | const cwd = options?.cwd ? resolve(this.cwd, options.cwd) : this.cwd > 103 | const env = { ...process.env, ...this.envVars, ...options?.env } 104 | const timeoutMs = options?.timeoutMs ?? 30_000 105 | const shell = options?.shell ?? this.shell ?? true
Spreading entire process.env into an object — may capture all secrets 74 | cwd: context.workingDirectory, 75 | timeout: input.timeout, > 76 | env: { ...process.env, ...context.env }, 77 | maxBuffer: 1024 * 1024 * 10, 78 | })
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.2
4 findingsSpreading entire process.env into an object — may capture all secrets 24 | 25 | this.process = spawn(this.config.command, this.config.args ?? [], { > 26 | env: { ...process.env, ...this.config.env }, 27 | cwd: this.config.cwd, 28 | stdio: ['pipe', 'pipe', 'pipe'],
Spreading entire process.env into an object — may capture all secrets 101 | 102 | const cwd = options?.cwd ? resolve(this.cwd, options.cwd) : this.cwd > 103 | const env = { ...process.env, ...this.envVars, ...options?.env } 104 | const timeoutMs = options?.timeoutMs ?? 30_000 105 | const shell = options?.shell ?? this.shell ?? true
Spreading entire process.env into an object — may capture all secrets 74 | cwd: context.workingDirectory, 75 | timeout: input.timeout, > 76 | env: { ...process.env, ...context.env }, 77 | maxBuffer: 1024 * 1024 * 10, 78 | })
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.1
4 findingsSpreading entire process.env into an object — may capture all secrets 24 | 25 | this.process = spawn(this.config.command, this.config.args ?? [], { > 26 | env: { ...process.env, ...this.config.env }, 27 | cwd: this.config.cwd, 28 | stdio: ['pipe', 'pipe', 'pipe'],
Spreading entire process.env into an object — may capture all secrets 101 | 102 | const cwd = options?.cwd ? resolve(this.cwd, options.cwd) : this.cwd > 103 | const env = { ...process.env, ...this.envVars, ...options?.env } 104 | const timeoutMs = options?.timeoutMs ?? 30_000 105 | const shell = options?.shell ?? this.shell ?? true
Spreading entire process.env into an object — may capture all secrets 74 | cwd: context.workingDirectory, 75 | timeout: input.timeout, > 76 | env: { ...process.env, ...context.env }, 77 | maxBuffer: 1024 * 1024 * 10, 78 | })
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.0
4 findingsSpreading entire process.env into an object — may capture all secrets 24 | 25 | this.process = spawn(this.config.command, this.config.args ?? [], { > 26 | env: { ...process.env, ...this.config.env }, 27 | cwd: this.config.cwd, 28 | stdio: ['pipe', 'pipe', 'pipe'],
Spreading entire process.env into an object — may capture all secrets 101 | 102 | const cwd = options?.cwd ? resolve(this.cwd, options.cwd) : this.cwd > 103 | const env = { ...process.env, ...this.envVars, ...options?.env } 104 | const timeoutMs = options?.timeoutMs ?? 30_000 105 | const shell = options?.shell ?? this.shell ?? true
Spreading entire process.env into an object — may capture all secrets 74 | cwd: context.workingDirectory, 75 | timeout: input.timeout, > 76 | env: { ...process.env, ...context.env }, 77 | maxBuffer: 1024 * 1024 * 10, 78 | })
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.0
4 findingsSpreading entire process.env into an object — may capture all secrets 24 | 25 | this.process = spawn(this.config.command, this.config.args ?? [], { > 26 | env: { ...process.env, ...this.config.env }, 27 | cwd: this.config.cwd, 28 | stdio: ['pipe', 'pipe', 'pipe'],
Spreading entire process.env into an object — may capture all secrets 101 | 102 | const cwd = options?.cwd ? resolve(this.cwd, options.cwd) : this.cwd > 103 | const env = { ...process.env, ...this.envVars, ...options?.env } 104 | const timeoutMs = options?.timeoutMs ?? 30_000 105 | const shell = options?.shell ?? this.shell ?? true
Spreading entire process.env into an object — may capture all secrets 74 | cwd: context.workingDirectory, 75 | timeout: input.timeout, > 76 | env: { ...process.env, ...context.env }, 77 | maxBuffer: 1024 * 1024 * 10, 78 | })
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.0
4 findingsSpreading entire process.env into an object — may capture all secrets 24 | 25 | this.process = spawn(this.config.command, this.config.args ?? [], { > 26 | env: { ...process.env, ...this.config.env }, 27 | cwd: this.config.cwd, 28 | stdio: ['pipe', 'pipe', 'pipe'],
Spreading entire process.env into an object — may capture all secrets 101 | 102 | const cwd = options?.cwd ? resolve(this.cwd, options.cwd) : this.cwd > 103 | const env = { ...process.env, ...this.envVars, ...options?.env } 104 | const timeoutMs = options?.timeoutMs ?? 30_000 105 | const shell = options?.shell ?? this.shell ?? true
Spreading entire process.env into an object — may capture all secrets 74 | cwd: context.workingDirectory, 75 | timeout: input.timeout, > 76 | env: { ...process.env, ...context.env }, 77 | maxBuffer: 1024 * 1024 * 10, 78 | })
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.8
4 findingsSpreading entire process.env into an object — may capture all secrets 24 | 25 | this.process = spawn(this.config.command, this.config.args ?? [], { > 26 | env: { ...process.env, ...this.config.env }, 27 | cwd: this.config.cwd, 28 | stdio: ['pipe', 'pipe', 'pipe'],
Spreading entire process.env into an object — may capture all secrets 101 | 102 | const cwd = options?.cwd ? resolve(this.cwd, options.cwd) : this.cwd > 103 | const env = { ...process.env, ...this.envVars, ...options?.env } 104 | const timeoutMs = options?.timeoutMs ?? 30_000 105 | const shell = options?.shell ?? this.shell ?? true
Spreading entire process.env into an object — may capture all secrets 74 | cwd: context.workingDirectory, 75 | timeout: input.timeout, > 76 | env: { ...process.env, ...context.env }, 77 | maxBuffer: 1024 * 1024 * 10, 78 | })
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.7
4 findingsSpreading entire process.env into an object — may capture all secrets 24 | 25 | this.process = spawn(this.config.command, this.config.args ?? [], { > 26 | env: { ...process.env, ...this.config.env }, 27 | cwd: this.config.cwd, 28 | stdio: ['pipe', 'pipe', 'pipe'],
Spreading entire process.env into an object — may capture all secrets 101 | 102 | const cwd = options?.cwd ? resolve(this.cwd, options.cwd) : this.cwd > 103 | const env = { ...process.env, ...this.envVars, ...options?.env } 104 | const timeoutMs = options?.timeoutMs ?? 30_000 105 | const shell = options?.shell ?? this.shell ?? true
Spreading entire process.env into an object — may capture all secrets 74 | cwd: context.workingDirectory, 75 | timeout: input.timeout, > 76 | env: { ...process.env, ...context.env }, 77 | maxBuffer: 1024 * 1024 * 10, 78 | })
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.6
4 findingsSpreading entire process.env into an object — may capture all secrets 24 | 25 | this.process = spawn(this.config.command, this.config.args ?? [], { > 26 | env: { ...process.env, ...this.config.env }, 27 | cwd: this.config.cwd, 28 | stdio: ['pipe', 'pipe', 'pipe'],
Spreading entire process.env into an object — may capture all secrets 101 | 102 | const cwd = options?.cwd ? resolve(this.cwd, options.cwd) : this.cwd > 103 | const env = { ...process.env, ...this.envVars, ...options?.env } 104 | const timeoutMs = options?.timeoutMs ?? 30_000 105 | const shell = options?.shell ?? this.shell ?? true
Spreading entire process.env into an object — may capture all secrets 74 | cwd: context.workingDirectory, 75 | timeout: input.timeout, > 76 | env: { ...process.env, ...context.env }, 77 | maxBuffer: 1024 * 1024 * 10, 78 | })
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.5
4 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/cogitave/namzu/blob/02fc6e9d951ca0ad832e2f88ece1c161e9756fd3/src/connector/mcp/stdio.ts#L26 24 | 25 | this.process = spawn(this.config.command, this.config.args ?? [], { > 26 | env: { ...process.env, ...this.config.env }, 27 | cwd: this.config.cwd, 28 | stdio: ['pipe', 'pipe', 'pipe'],
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/cogitave/namzu/blob/02fc6e9d951ca0ad832e2f88ece1c161e9756fd3/src/execution/local.ts#L103 101 | 102 | const cwd = options?.cwd ? resolve(this.cwd, options.cwd) : this.cwd > 103 | const env = { ...process.env, ...this.envVars, ...options?.env } 104 | const timeoutMs = options?.timeoutMs ?? 30_000 105 | const shell = options?.shell ?? this.shell ?? true
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/cogitave/namzu/blob/02fc6e9d951ca0ad832e2f88ece1c161e9756fd3/src/tools/builtins/bash.ts#L76 74 | cwd: context.workingDirectory, 75 | timeout: input.timeout, > 76 | env: { ...process.env, ...context.env }, 77 | maxBuffer: 1024 * 1024 * 10, 78 | })
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.4
4 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/cogitave/namzu/blob/32dc899631ba66caea9a08074caea91d17f8302e/src/connector/mcp/stdio.ts#L26 24 | 25 | this.process = spawn(this.config.command, this.config.args ?? [], { > 26 | env: { ...process.env, ...this.config.env }, 27 | cwd: this.config.cwd, 28 | stdio: ['pipe', 'pipe', 'pipe'],
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/cogitave/namzu/blob/32dc899631ba66caea9a08074caea91d17f8302e/src/execution/local.ts#L103 101 | 102 | const cwd = options?.cwd ? resolve(this.cwd, options.cwd) : this.cwd > 103 | const env = { ...process.env, ...this.envVars, ...options?.env } 104 | const timeoutMs = options?.timeoutMs ?? 30_000 105 | const shell = options?.shell ?? this.shell ?? true
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/cogitave/namzu/blob/32dc899631ba66caea9a08074caea91d17f8302e/src/tools/builtins/bash.ts#L76 74 | cwd: context.workingDirectory, 75 | timeout: input.timeout, > 76 | env: { ...process.env, ...context.env }, 77 | maxBuffer: 1024 * 1024 * 10, 78 | })
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.3
4 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/cogitave/namzu/blob/f832ce0da22fe1ca14118c08be2103997251b5d3/src/connector/mcp/stdio.ts#L26 24 | 25 | this.process = spawn(this.config.command, this.config.args ?? [], { > 26 | env: { ...process.env, ...this.config.env }, 27 | cwd: this.config.cwd, 28 | stdio: ['pipe', 'pipe', 'pipe'],
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/cogitave/namzu/blob/f832ce0da22fe1ca14118c08be2103997251b5d3/src/execution/local.ts#L103 101 | 102 | const cwd = options?.cwd ? resolve(this.cwd, options.cwd) : this.cwd > 103 | const env = { ...process.env, ...this.envVars, ...options?.env } 104 | const timeoutMs = options?.timeoutMs ?? 30_000 105 | const shell = options?.shell ?? this.shell ?? true
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/cogitave/namzu/blob/f832ce0da22fe1ca14118c08be2103997251b5d3/src/tools/builtins/bash.ts#L45 43 | cwd: context.workingDirectory, 44 | timeout: input.timeout, > 45 | env: { ...process.env, ...context.env }, 46 | maxBuffer: 1024 * 1024 * 10, 47 | })
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.2
4 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/cogitave/namzu/blob/2cf90a8c610f60b7ae8e286f989a07d6b5f98ff3/src/connector/mcp/stdio.ts#L26 24 | 25 | this.process = spawn(this.config.command, this.config.args ?? [], { > 26 | env: { ...process.env, ...this.config.env }, 27 | cwd: this.config.cwd, 28 | stdio: ['pipe', 'pipe', 'pipe'],
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/cogitave/namzu/blob/2cf90a8c610f60b7ae8e286f989a07d6b5f98ff3/src/execution/local.ts#L103 101 | 102 | const cwd = options?.cwd ? resolve(this.cwd, options.cwd) : this.cwd > 103 | const env = { ...process.env, ...this.envVars, ...options?.env } 104 | const timeoutMs = options?.timeoutMs ?? 30_000 105 | const shell = options?.shell ?? this.shell ?? true
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/cogitave/namzu/blob/2cf90a8c610f60b7ae8e286f989a07d6b5f98ff3/src/tools/builtins/bash.ts#L45 43 | cwd: context.workingDirectory, 44 | timeout: input.timeout, > 45 | env: { ...process.env, ...context.env }, 46 | maxBuffer: 1024 * 1024 * 10, 47 | })
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.1
4 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/cogitave/namzu/blob/5f31bfb274421ce0ebd466f39e07edd05055ace0/src/connector/mcp/stdio.ts#L26 24 | 25 | this.process = spawn(this.config.command, this.config.args ?? [], { > 26 | env: { ...process.env, ...this.config.env }, 27 | cwd: this.config.cwd, 28 | stdio: ['pipe', 'pipe', 'pipe'],
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/cogitave/namzu/blob/5f31bfb274421ce0ebd466f39e07edd05055ace0/src/execution/local.ts#L104 102 | 103 | const cwd = options?.cwd ? resolve(this.cwd, options.cwd) : this.cwd > 104 | const env = { ...process.env, ...this.envVars, ...options?.env } 105 | const timeoutMs = options?.timeoutMs ?? 30_000 106 | const shell = options?.shell ?? this.shell ?? true
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/cogitave/namzu/blob/5f31bfb274421ce0ebd466f39e07edd05055ace0/src/tools/builtins/bash.ts#L53 51 | cwd: context.workingDirectory, 52 | timeout: input.timeout, > 53 | env: { ...process.env, ...context.env }, 54 | maxBuffer: 1024 * 1024 * 10, 55 | })
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.