@reftrixmcp/mcp-server
MCP Server for Reftrix - AI agent integration for web design analysis, layout extraction, motion detection, and quality evaluation
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:etc-passwd-access | AI (semgrep): Fires on a comment string listing /etc/passwd as an example of path traversal to reject — not actual credential access. | ai | |
| semgrep | semgrep:shady-links-raw-ip | AI (semgrep): Fires on a localhost (127.0.0.1) log message, not an outbound request to a raw IP. | ai | |
| semgrep | semgrep:base64-decode | AI (semgrep): Standard HTTP Basic Auth credential parsing in an admin UI handler — expected pattern. | ai | |
| semgrep | semgrep:env-spread | AI (semgrep): Spreading process.env to pass PGPASSWORD to a subprocess is the standard pg/psql pattern. | ai | |
| semgrep | semgrep:env-bulk-read | AI (semgrep): Used to merge .env.local into a subprocess environment — legitimate config utility pattern. | ai | |
| phantom-deps | phantom-dep:ws | AI (phantom-deps): ws is a transitive dep used via config; phantom-dep heuristic fires on config-only references. | ai | |
| phantom-deps | phantom-dep:pngjs | AI (phantom-deps): pngjs referenced in config/type context; phantom-dep heuristic false positive. | ai | |
| phantom-deps | phantom-dep:culori | AI (phantom-deps): culori referenced in config; phantom-dep heuristic false positive. | ai | |
Versions (showing 1 of 1)
| Version | Deps | Published |
|---|---|---|
| 0.5.1 | 22 / 15 | |
v0.5.1
8 findings

Spreading entire process.env into an object — may capture all secrets

```ts
  328 |
  329 | // Set the password via an environment variable (do not include it in command-line arguments)
> 330 | const env: typeof process.env = {
  331 |   ...process.env,
  332 |   PGPASSWORD: connInfo.password,
```

Spreading entire process.env into an object — may capture all secrets

```ts
  426 |
  427 | // Set the password via an environment variable
> 428 | const env: typeof process.env = {
  429 |   ...process.env,
  430 |   PGPASSWORD: connInfo.password,
```

Accessing /etc/passwd or /etc/shadow — credential harvesting on Linux

```ts
  264 |  * Validate that webPageId matches the strict UUID v4/v7 format
  265 |  *
> 266 |  * Rejects path traversal (`../foo`, `/etc/passwd`, etc.), null byte injection,
  267 |  * and variant/version values that do not conform to RFC 4122.
  268 |  * Rejects path traversal, null byte injection, and non-RFC 4122 variants.
```

Spreading entire process.env into an object — may capture all secrets

```ts
  752 | private buildSpawnEnv(workerType: WorkerType): Record<string, string | undefined> {
  753 |   const config = this.typeConfigs[workerType];
> 754 |   const env: Record<string, string | undefined> = { ...process.env };
  755 |
  756 |   if (this.config.workerEnv && workerType === "page") {
```

Accessing /etc/passwd or /etc/shadow — credential harvesting on Linux

```ts
  185 |  * SEC H-1 / L-1 (v0.4.0 PR4 audit): the `screenshotStoragePath` received
  186 |  * via BullMQ Redis is treated as external input. The previous implementation (`fs.existsSync` +
> 187 |  * `path.resolve`) allowed arbitrary path reads such as `/etc/passwd.png`, so the
  188 |  * allowlist + realpath based validation has been re-applied.
  189 |  *
```

Accessing /etc/passwd or /etc/shadow — credential harvesting on Linux

```ts
  191 |  * BullMQ Redis is treated as external input. The previous implementation
  192 |  * (`fs.existsSync` + `path.resolve`) allowed arbitrary path reads such as
> 193 |  * `/etc/passwd.png`; the allowlist + realpath check is now re-applied.
  194 |  */
  195 | async function resolveScreenshotPath(
```

Spreading entire process.env into an object — may capture all secrets

```ts
  138 | function buildChildEnv(): Record<string, string> {
  139 |   const profile = computeMemoryProfile();
> 140 |   const baseEnv = { ...process.env } as Record<string, string>;
  141 |
  142 |   // P0-1: Disable worker_threads nesting in child processes
```

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.