
@remnic/core

Versions: 13
License:
Install Scripts: Yes
Provenance: Verified

Supply chain provenance

Status for the latest visible version.

- SLSA provenance attestation
- npm registry signatures
- No source commit

Maintainers

joshuaswarren

Keywords

remnic, memory, ai, agent, core

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source | Rule | Reason | Accepted by | When
semgrep | semgrep:hex-decode | AI (semgrep): Hex decoding used for cryptographic envelope verification, not payload hiding. | ai |
semgrep | semgrep:etc-passwd-access | AI (semgrep): Fires in test file using /etc/passwd as a path-traversal test vector, not real credential harvesting. | ai |
semgrep | semgrep:base64-decode | AI (semgrep): Standard Gmail API email body decoding; not obfuscation. | ai |
semgrep | semgrep:shady-links-raw-ip | AI (semgrep): All instances are localhost (127.0.0.1) URLs in test files — not exfiltration. | ai |
semgrep | semgrep:env-spread | AI (semgrep): env spread passes environment to a child build process (node-gyp); not exfiltration. | ai |
install-scripts | install-script:postinstall | AI (install-scripts): Postinstall builds better-sqlite3 native module via node-gyp; standard pattern for this dependency. | ai |
phantom-deps | phantom-dep:node-gyp | AI (phantom-deps): node-gyp is an implicit build-time dependency invoked by better-sqlite3; not directly imported. | ai |
typosquat | typosquat.levenshtein:cors | AI (typosquat): Scoped package @remnic/core is the core module of the Remnic project, not a typosquat of cors. | ai |
phantom-deps | phantom-dep:@node-rs/argon2 | AI (phantom-deps): Likely used for optional trust-zone/auth features; phantom-dep heuristic not reliable here. | ai |
phantom-deps | phantom-dep:@honcho-ai/sdk | AI (phantom-deps): May be used conditionally or via config; consistent with an AI memory framework pattern. | ai |
phantom-deps | phantom-dep:apache-arrow | AI (phantom-deps): apache-arrow is a transitive/peer dep of @lancedb/lancedb; declared but may not be directly imported. | ai |

Versions (showing 13 of 13)

Version | Deps | Published
1.1.21 | 12 / 3 |
1.1.20 | 12 / 3 |
1.1.10 | 12 / 3 |
1.1.9 | 12 / 3 |
1.1.5 | 12 / 3 |
1.1.3 | 11 / 3 |
1.1.2 | 10 / 3 |
1.1.1 | 10 / 3 |
1.1.0 | 10 / 3 |
1.0.3 | 10 / 3 |
1.0.2 | 10 / 3 |
1.0.1 | 10 / 3 |
1.0.0 | 9 / 3 |

v1.1.21

6 findings

HIGH (install-scripts): Package has 'postinstall' script

Script: node ./scripts/ensure-better-sqlite3.mjs

HIGH (semgrep): env-spread at scripts/ensure-better-sqlite3.mjs:93

Spreading entire process.env into an object — may capture all secrets

  91 |   cwd,
  92 |   encoding: "utf8",
> 93 |   env: {
  94 |     ...process.env,
  95 |     npm_config_build_from_source: "true",

HIGH (semgrep): etc-passwd-access at src/connectors/live/github.test.ts:203

Accessing /etc/passwd or /etc/shadow — credential harvesting on Linux

  201 |   token: SYNTHETIC_TOKEN,
  202 |   userLogin: SYNTHETIC_LOGIN,
> 203 |   repos: ["../../../etc/passwd"],
  204 | }),
  205 | /owner\/repo/,

HIGH (semgrep): etc-passwd-access at src/connectors/live/google-drive.test.ts:169

Accessing /etc/passwd or /etc/shadow — credential harvesting on Linux

  167 | // Path-traversal-shaped ids must be rejected.
  168 | assert.throws(
> 169 |   () => validateGoogleDriveConfig({ ...SYNTHETIC_CREDS, folderIds: ["../etc/passwd"] }),
  170 |   /not a valid Drive folder id/,
  171 | );

HIGH (semgrep): etc-passwd-access at src/connectors/live/notion.test.ts:218

Accessing /etc/passwd or /etc/shadow — credential harvesting on Linux

  216 | );
  217 | assert.throws(
> 218 |   () => validateNotionConfig({ token: SYNTHETIC_TOKEN, databaseIds: ["../etc/passwd"] }),
  219 |   /not a valid Notion id/,
  220 | );

INFO (provenance): Has SLSA provenance attestation

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.20

6 findings

HIGH (install-scripts): Package has 'postinstall' script

Script: node ./scripts/ensure-better-sqlite3.mjs

HIGH (semgrep): env-spread at scripts/ensure-better-sqlite3.mjs:93

Spreading entire process.env into an object — may capture all secrets

  91 |   cwd,
  92 |   encoding: "utf8",
> 93 |   env: {
  94 |     ...process.env,
  95 |     npm_config_build_from_source: "true",

HIGH (semgrep): etc-passwd-access at src/connectors/live/github.test.ts:203

Accessing /etc/passwd or /etc/shadow — credential harvesting on Linux

  201 |   token: SYNTHETIC_TOKEN,
  202 |   userLogin: SYNTHETIC_LOGIN,
> 203 |   repos: ["../../../etc/passwd"],
  204 | }),
  205 | /owner\/repo/,

HIGH (semgrep): etc-passwd-access at src/connectors/live/google-drive.test.ts:169

Accessing /etc/passwd or /etc/shadow — credential harvesting on Linux

  167 | // Path-traversal-shaped ids must be rejected.
  168 | assert.throws(
> 169 |   () => validateGoogleDriveConfig({ ...SYNTHETIC_CREDS, folderIds: ["../etc/passwd"] }),
  170 |   /not a valid Drive folder id/,
  171 | );

HIGH (semgrep): etc-passwd-access at src/connectors/live/notion.test.ts:218

Accessing /etc/passwd or /etc/shadow — credential harvesting on Linux

  216 | );
  217 | assert.throws(
> 218 |   () => validateNotionConfig({ token: SYNTHETIC_TOKEN, databaseIds: ["../etc/passwd"] }),
  219 |   /not a valid Notion id/,
  220 | );

INFO (provenance): Has SLSA provenance attestation

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.10

4 findings

HIGH (install-scripts): Package has 'postinstall' script

Script: node ./scripts/ensure-better-sqlite3.mjs

HIGH (typosquat): typosquat.levenshtein: Possible typosquat of 'cors'

Package name '@remnic/core' is 1 edit(s) away from popular package 'cors'.

HIGH (semgrep): env-spread at scripts/ensure-better-sqlite3.mjs:93

Spreading entire process.env into an object — may capture all secrets

  91 |   cwd,
  92 |   encoding: "utf8",
> 93 |   env: {
  94 |     ...process.env,
  95 |     npm_config_build_from_source: "true",

INFO (provenance): Has SLSA provenance attestation

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.9

4 findings

HIGH (install-scripts): Package has 'postinstall' script

Script: node ./scripts/ensure-better-sqlite3.mjs

HIGH (typosquat): typosquat.levenshtein: Possible typosquat of 'cors'

Package name '@remnic/core' is 1 edit(s) away from popular package 'cors'.

HIGH (semgrep): env-spread at scripts/ensure-better-sqlite3.mjs:93

Spreading entire process.env into an object — may capture all secrets

  91 |   cwd,
  92 |   encoding: "utf8",
> 93 |   env: {
  94 |     ...process.env,
  95 |     npm_config_build_from_source: "true",

INFO (provenance): Has SLSA provenance attestation

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.5

4 findings

HIGH (install-scripts): Package has 'postinstall' script

Script: node ./scripts/ensure-better-sqlite3.mjs

HIGH (typosquat): typosquat.levenshtein: Possible typosquat of 'cors'

Package name '@remnic/core' is 1 edit(s) away from popular package 'cors'.

HIGH (semgrep): env-spread at scripts/ensure-better-sqlite3.mjs:93

Spreading entire process.env into an object — may capture all secrets

  91 |   cwd,
  92 |   encoding: "utf8",
> 93 |   env: {
  94 |     ...process.env,
  95 |     npm_config_build_from_source: "true",

INFO (provenance): Has SLSA provenance attestation

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.3

2 findings

HIGH (typosquat): typosquat.levenshtein: Possible typosquat of 'cors'

Package name '@remnic/core' is 1 edit(s) away from popular package 'cors'.

INFO (provenance): Has SLSA provenance attestation

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.2

2 findings

HIGH (typosquat): typosquat.levenshtein: Possible typosquat of 'cors'

Package name '@remnic/core' is 1 edit(s) away from popular package 'cors'.

INFO (provenance): Has SLSA provenance attestation

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.1

2 findings

HIGH (typosquat): typosquat.levenshtein: Possible typosquat of 'cors'

Package name '@remnic/core' is 1 edit(s) away from popular package 'cors'.

INFO (provenance): Has SLSA provenance attestation

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.0

2 findings

HIGH (typosquat): typosquat.levenshtein: Possible typosquat of 'cors'

Package name '@remnic/core' is 1 edit(s) away from popular package 'cors'.

INFO (provenance): Has SLSA provenance attestation

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.3

2 findings

HIGH (typosquat): typosquat.levenshtein: Possible typosquat of 'cors'

Package name '@remnic/core' is 1 edit(s) away from popular package 'cors'.

INFO (provenance): Has SLSA provenance attestation

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.2

2 findings

HIGH (typosquat): typosquat.levenshtein: Possible typosquat of 'cors'

Package name '@remnic/core' is 1 edit(s) away from popular package 'cors'.

INFO (provenance): Has SLSA provenance attestation

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.1

2 findings

HIGH (typosquat): typosquat.levenshtein: Possible typosquat of 'cors'

Package name '@remnic/core' is 1 edit(s) away from popular package 'cors'.

INFO (provenance): Has SLSA provenance attestation

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.0

2 findings

HIGH (typosquat): typosquat.levenshtein: Possible typosquat of 'cors'

Package name '@remnic/core' is 1 edit(s) away from popular package 'cors'.

LOW (provenance): No provenance attestation

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.