@push.rocks/smartagent
Supply chain provenance
Status for the latest visible version.
Without a provenance attestation (npm's SLSA provenance statement, signed through Sigstore) there is no cryptographic link between this tarball and the public source repository and build; the axios compromise (March 2026) relied on exactly this gap. The tarball's dist.integrity hash only proves that the download matches what the registry holds, not that the registry holds what the repository built.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:eval-usage | AI (semgrep): eval() is intentional for browser script execution in this agentic framework; stable pattern across versions. | ai | |
| source-diff | obfuscated-file:dist_ts_mcp/index.js | AI (source-diff): Readable compiled TS output for MCP client integration; long lines from bundled logic, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist_ts_tools/tool.browser.js | AI (source-diff): Readable compiled TS output for browser tool abstraction; no obfuscation indicators in content. | ai | |
| source-diff | obfuscated-file:dist_ts_tools/tool.context.js | AI (source-diff): Readable compiled TS output for local execution context; no obfuscation indicators in content. | ai | |
| semgrep | semgrep:env-spread | AI (semgrep): Shell tool intentionally merges process.env with user-supplied env vars; standard pattern for subprocess execution. | ai | |
| provenance | no-provenance | AI (provenance): push.rocks ecosystem consistently publishes without Sigstore provenance; stable false positive for this publisher. | ai | |
Versions (showing 16 of 16)
| Version | Deps | Published |
|---|---|---|
| 3.7.0 | 7 / 7 | |
| 3.5.0 | 6 / 7 | |
| 3.1.0 | 6 / 7 | |
| 3.0.3 | 6 / 7 | |
| 1.8.0 | 7 / 5 | |
| 1.5.4 | 7 / 5 | |
| 1.5.2 | 7 / 5 | |
| 1.5.1 | 7 / 5 | |
| 1.4.1 | 7 / 5 | |
| 1.4.0 | 7 / 5 | |
| 1.3.0 | 7 / 5 | |
| 1.2.6 | 7 / 5 | |
| 1.2.4 | 6 / 5 | |
| 1.1.1 | 6 / 5 | |
| 1.1.0 | 6 / 5 | |
| 1.0.2 | 5 / 5 | |
v3.7.0
5 findings
This version has no gitHead field linking it to a source commit, but previous versions did. npm records gitHead from the git checkout it publishes from, so its absence means the tarball was packed outside a git checkout or with a different publishing tool; either way the publish environment changed. Published by: lossless.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code; new obfuscated files are a strong attack indicator. Reported three times, once per newly added file (compare the three obfuscated-file entries under Accepted risks, which record three dist_ts_* files as readable compiled TypeScript output).
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
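The two publish-environment checks reported above for this version (no provenance attestation, and a gitHead that earlier versions carried but this one does not) can be reproduced from the registry's per-version metadata. The following is an added example, not code from this report or from @push.rocks/smartagent. The three version records are constructed for illustration; the field names follow the public npm packument format (version.gitHead, version.dist.integrity, version.dist.attestations), while the accepted predicate types, the finding identifiers and the commit-SHA check are this example's own choices.

```javascript
'use strict';

// Added example. Input shape follows the npm packument: one object per
// published version, in publish order, holding only the fields the checks use.
// Real data: `npm view <pkg> --json` and read `.versions[<ver>]`, or
// `npm view <pkg>@<ver> gitHead dist.attestations`.

// SLSA provenance predicate types npm has emitted (assumption: accept either).
const PROVENANCE_PREDICATES = new Set([
  'https://slsa.dev/provenance/v0.2',
  'https://slsa.dev/provenance/v1',
]);

const COMMIT_SHA = /^[0-9a-f]{40}$/;

// Checks one version against the version published just before it
// (`previous` is undefined for the first). Returns finding identifiers.
function checkVersion(current, previous) {
  const findings = [];
  const att = current.dist && current.dist.attestations;
  const predicate = att && att.provenance && att.provenance.predicateType;
  if (!att || !PROVENANCE_PREDICATES.has(predicate)) {
    // No Sigstore-signed SLSA statement: nothing ties tarball to source/build.
    findings.push('no-provenance');
  }
  if (current.gitHead === undefined) {
    // npm writes gitHead from the git checkout it publishes from; losing it
    // between two versions means the publish environment changed.
    if (previous && previous.gitHead !== undefined) findings.push('git-head-removed');
  } else if (!COMMIT_SHA.test(current.gitHead)) {
    findings.push('git-head-malformed');
  }
  return findings;
}

// Runs checkVersion across a history; returns { version: [findings] }.
function checkHistory(versions) {
  const out = {};
  versions.forEach((v, i) => {
    out[v.version] = checkVersion(v, versions[i - 1]);
  });
  return out;
}

// Constructed sample history (not real registry data).
const SAMPLE_VERSIONS = [
  {
    version: '3.0.3',
    gitHead: '0d5b1c2e8a9f4d3c7b6a5e4f3d2c1b0a9f8e7d6c',
    dist: { integrity: 'sha512-AAAA', tarball: 'https://registry.example/x-3.0.3.tgz' },
  },
  {
    version: '3.5.0', // gitHead absent: packed outside a git checkout
    dist: { integrity: 'sha512-BBBB', tarball: 'https://registry.example/x-3.5.0.tgz' },
  },
  {
    version: '3.7.0',
    gitHead: '4e1f9a7c3b2d8e6f0a1b2c3d4e5f6a7b8c9d0e1f',
    dist: {
      integrity: 'sha512-CCCC',
      tarball: 'https://registry.example/x-3.7.0.tgz',
      attestations: {
        url: 'https://registry.example/-/npm/v1/attestations/x@3.7.0',
        provenance: { predicateType: 'https://slsa.dev/provenance/v1' },
      },
    },
  },
];

console.log(JSON.stringify(checkHistory(SAMPLE_VERSIONS), null, 2));
```

Presence of an attestation is only the first step: it says a signed SLSA statement exists, not that the signature and the Sigstore log entry verify against the tarball you installed. For installed dependencies `npm audit signatures` performs that verification against the registry's keys.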
v3.5.0
4 findings
This version has no gitHead field linking it to a source commit, but previous versions did. npm records gitHead from the git checkout it publishes from, so its absence means the tarball was packed outside a git checkout or with a different publishing tool; either way the publish environment changed. Published by: lossless.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code; new obfuscated files are a strong attack indicator. Reported twice, once per newly added file.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
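The long-line findings for v3.5.0 and v3.7.0 were accepted because the reviewer found no obfuscation indicators in the content, which is the right follow-up question: a line over 3000 characters is normal for bundled or compiled output. The following added example (not code from this report or from the package) scans a file for the markers that distinguish obfuscator output from mere minification and returns a verdict; the thresholds, the marker list and the three sample inputs are this example's own constructions.

```javascript
'use strict';

// Added example. Goes one step past the "line over 3000 chars" heuristic:
// does the long-line file also show markers of deliberate obfuscation?
// Thresholds and marker set are assumptions, tune them per corpus.

const LONG_LINE = 3000;

function scanSource(text) {
  const lines = text.split('\n');
  const maxLineLength = lines.reduce((m, l) => Math.max(m, l.length), 0);
  const longLines = lines.filter((l) => l.length > LONG_LINE).length;

  // Markers typical of javascript-obfuscator style output rather than plain
  // minification: _0x-prefixed hex identifiers, heavy \xNN string escaping,
  // and decode-then-execute chains.
  const hexIdentifiers = new Set(text.match(/\b_0x[0-9a-f]{4,}\b/g) || []).size;
  const hexEscapes = (text.match(/\\x[0-9a-fA-F]{2}/g) || []).length;
  const decodeExec =
    /String\.fromCharCode|atob\(|Buffer\.from\([^)]*'base64'/.test(text) &&
    /\beval\(|new Function\(/.test(text);

  let verdict = 'readable';
  if (hexIdentifiers >= 3 || hexEscapes >= 20 || decodeExec) {
    verdict = 'likely-obfuscated';
  } else if (longLines > 0) {
    verdict = 'long-lines-no-indicators'; // bundled or minified; still read it
  }
  return { maxLineLength, longLines, hexIdentifiers, hexEscapes, decodeExec, verdict };
}

// Constructed samples, not files from the package.
const READABLE_TS_OUTPUT = [
  'import { spawn } from "child_process";',
  'export async function runTool(cmd, args) {',
  '  return new Promise((resolve) => spawn(cmd, args).on("close", resolve));',
  '}',
].join('\n');

// A bundler puts many modules on one line; identifiers stay meaningful.
const BUNDLED_OUTPUT = 'export function handle(input){return input.trim();}'.repeat(80);

// Identifiers renamed to _0x names, escaped string table, decode-and-eval.
const OBFUSCATED = [
  "var _0x4f2a=['\\x68\\x65\\x6c\\x6c\\x6f','\\x6c\\x6f\\x67','\\x61\\x74\\x6f\\x62'];",
  "var _0xe5f6=function(_0x2b3c){return _0x4f2a[_0x2b3c];};",
  "eval(String.fromCharCode(99,111,110,115,111,108,101)+'.'+_0xe5f6(0x1)+'(\"'+_0xe5f6(0x0)+'\")');",
].join('\n');

for (const [name, src] of [['readable', READABLE_TS_OUTPUT], ['bundled', BUNDLED_OUTPUT], ['obfuscated', OBFUSCATED]]) {
  console.log(name, scanSource(src).verdict);
}
```

A 'long-lines-no-indicators' verdict is what the accepted dist_ts_* files would produce; it still deserves a diff against the previous version's output, since a payload appended to legitimate bundled code trips none of these markers.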
v3.1.0
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.0.3
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.8.0
3 findings
Spreading entire process.env into an object — may capture all secrets. Two occurrences in the flagged file (lines 73 and 92); excerpts as flagged, with the reported line marked:

```typescript
  }
  if (params.env) {
    options.env = {        // flagged line
      ...process.env,
      ...params.env,
```

```typescript

  if (params.env) {
    options.env = {        // flagged line
      ...process.env,
      ...(params.env as NodeJS.ProcessEnv),
```

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
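The spread flagged above (here and in the other 1.x versions) hands every secret in the parent's environment to the child and lets the caller override anything, PATH included. The hardened form below is an added example, not the package's code: it starts from an explicit allowlist of parent variables and rejects caller-supplied names that change what the child executes. The allowlist, the blocked-name set, the `passthrough` option and the sample parent environment are this example's assumptions.

```javascript
'use strict';

// Added example. Parent variables a typical child needs; extend per deployment.
const BASE_ALLOWLIST = ['PATH', 'HOME', 'LANG', 'LC_ALL', 'TMPDIR', 'TERM', 'SHELL'];

// Names a caller may never set: they change which code the child runs (loader
// hooks, module resolution, shell startup files) rather than what data it sees.
// Compared case-insensitively because Windows environment names are.
const NEVER_OVERRIDE = new Set([
  'PATH', 'LD_PRELOAD', 'LD_LIBRARY_PATH', 'DYLD_INSERT_LIBRARIES', 'DYLD_LIBRARY_PATH',
  'NODE_OPTIONS', 'NODE_PATH', 'PYTHONPATH', 'PERL5OPT', 'BASH_ENV', 'ENV', 'PROMPT_COMMAND',
]);

// The pattern flagged above: the child inherits every secret the parent holds
// and the caller can override anything.
function unsafeChildEnv(params, baseEnv = process.env) {
  return params.env ? { ...baseEnv, ...params.env } : { ...baseEnv };
}

// Hardened form. `params.env` adds or overrides variables for the child;
// `params.passthrough` names parent variables to forward beyond the base list
// (an explicit opt-in for a credential the tool genuinely needs).
function safeChildEnv(params, baseEnv = process.env) {
  const env = {};
  for (const name of [...BASE_ALLOWLIST, ...(params.passthrough || [])]) {
    if (typeof baseEnv[name] === 'string') env[name] = baseEnv[name];
  }
  for (const [name, value] of Object.entries(params.env || {})) {
    if (NEVER_OVERRIDE.has(name.toUpperCase())) {
      throw new Error(`refusing caller-supplied ${name}`);
    }
    if (typeof value !== 'string') {
      throw new Error(`env value for ${name} must be a string`);
    }
    env[name] = value;
  }
  return env;
}

// Usage with a real subprocess would be:
//   const { spawn } = require('node:child_process');
//   spawn(cmd, args, { env: safeChildEnv(params), stdio: 'inherit' });

// Constructed parent environment for the demonstration, not a real one.
const SAMPLE_PARENT_ENV = {
  PATH: '/usr/local/bin:/usr/bin',
  HOME: '/home/agent',
  AWS_SECRET_ACCESS_KEY: 'constructed-secret',
  NPM_TOKEN: 'constructed-token',
};

console.log('unsafe:', Object.keys(unsafeChildEnv({ env: { FOO: '1' } }, SAMPLE_PARENT_ENV)));
console.log('safe:  ', Object.keys(safeChildEnv({ env: { FOO: '1' } }, SAMPLE_PARENT_ENV)));
```

Rejecting rather than silently dropping the blocked names matters in an agent framework: a model-generated tool call that tries to set LD_PRELOAD or NODE_OPTIONS is itself a signal worth surfacing, not something to sanitise away quietly.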
v1.5.4
3 findings
Spreading entire process.env into an object — may capture all secrets: the same two occurrences (options.env = { ...process.env, ...params.env } at the flagged file's lines 73 and 92) excerpted under v1.8.0.
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.5.2
3 findings
Spreading entire process.env into an object — may capture all secrets: the same two occurrences (options.env = { ...process.env, ...params.env } at the flagged file's lines 73 and 92) excerpted under v1.8.0.
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.5.1
3 findings
Spreading entire process.env into an object — may capture all secrets: the same two occurrences (options.env = { ...process.env, ...params.env } at the flagged file's lines 73 and 92) excerpted under v1.8.0.
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.1
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.0
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.0
3 findings
Spreading entire process.env into an object — may capture all secrets: the same two occurrences (options.env = { ...process.env, ...params.env } at the flagged file's lines 73 and 92) excerpted under v1.8.0.
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.2.6
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.2.4
3 findings
Spreading entire process.env into an object — may capture all secrets: the same two occurrences (options.env = { ...process.env, ...params.env } at the flagged file's lines 73 and 92) excerpted under v1.8.0.
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.1
3 findings
Spreading entire process.env into an object — may capture all secrets: the same two occurrences (options.env = { ...process.env, ...params.env } at the flagged file's lines 73 and 92) excerpted under v1.8.0.
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.0
3 findings
Spreading entire process.env into an object — may capture all secrets: the same two occurrences (options.env = { ...process.env, ...params.env } at the flagged file's lines 73 and 92) excerpted under v1.8.0.
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.2
3 findings
Spreading entire process.env into an object — may capture all secrets: the same two occurrences (options.env = { ...process.env, ...params.env } at the flagged file's lines 73 and 92) excerpted under v1.8.0.
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.