
@promptbook/node

Promptbook: Create persistent AI agents that turn your company's scattered knowledge into action

Versions: 14
License: BUSL-1.1
Install scripts: No
Provenance: Verified

Supply chain provenance

Status for the latest visible version.

Signals: SLSA provenance attestation; npm registry signatures; gitHead linked

Maintainers

hejny

Keywords

ai, ai-agents, ai-application-framework, ai-assistant, ai-automation, ai-development, ai-framework, ai-ops, ai-orchestration, ai-pipeline, ai-platform, ai-scripting, ai-sdk, ai-workflow, api-integration, automation-framework, backend, book-language, browser, chatbot, content-generation, conversational-ai, cross-platform, cross-provider, developer-tools, embeddings, function-calling, generative-ai, human-readable, javascript, knowledge-base, language-model, large-language-models, llm, llmops, machine-learning, markdown-dsl, mlops, model-agnostic, multi-model, multimodal, natural-language, natural-language-processing, nlp, nodejs, orchestration, pipeline, plain-english, prompt, prompt-chaining, prompt-engineering, prompt-management, prompt-template, rag, reasoning, server-side, task-automation, template, text-generation, text-processing, typescript, unified-interface, vendor-agnostic, workflow, workflow-engine

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source | Rule | Reason | Accepted by | When (not shown)
semgrep | semgrep:env-spread | AI (semgrep): Spreading process.env into child_process spawn options is a standard pattern for passing environment to subprocesses. | ai
semgrep | semgrep:eval-usage | AI (semgrep): eval() used in a script execution loop with a TODO to replace; consistent with AI pipeline/scripting framework functionality. | ai
typosquat | typosquat.levenshtein:zod | AI (typosquat): Scoped package @promptbook/node is clearly not a typosquat of zod; Levenshtein match is spurious. | ai
semgrep | semgrep:api-obfuscation-reflect | AI (semgrep): Standard Proxy/Reflect pattern for property delegation; not obfuscation. | ai
semgrep | semgrep:new-function-constructor | AI (semgrep): Used for Node.js environment detection via global scope check; benign pattern. | ai
semgrep | semgrep:child-process-import | AI (semgrep): Node.js-specific package legitimately uses child_process; expected for this package. | ai

Versions (showing 14 of 14)

Version | Deps | Published (not shown)
0.110.0 | 18 / 0
0.105.0 | 17 / 0
0.104.0 | 11 / 0
0.103.0 | 11 / 0
0.102.0 | 11 / 0
0.101.0 | 11 / 0
0.100.2 | 11 / 0
0.100.1 | 11 / 0
0.100.0 | 11 / 0
0.98.0 | 12 / 0
0.95.0 | 12 / 0
0.94.0 | 12 / 0
0.93.0 | 12 / 0
0.92.0 | 12 / 0

v0.110.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.105.0

2 findings
HIGH env-spread: esm/index.es.js:17928 semgrep

Spreading entire process.env into an object — may capture all secrets
Source: https://github.com/webgptorg/promptbook/blob/d1b7003171c67142c266366e0e34f41db7ef1858/esm/index.es.js#L17928

  17926 |     cwd,
  17927 |     shell: true,
> 17928 |     env: env ? { ...process.env, ...env } : process.env,
  17929 | });
  17930 | if (isVerbose) {

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.104.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.103.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.102.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.101.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.100.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.100.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.100.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.98.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.95.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.94.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.93.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.92.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.