@testmuai/kane-cli
KaneAI Terminal UI — browser automation testing agent
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/HelpView-CDK7II5Q.js | AI (source-diff): Standard esbuild/rollup bundle output; readable React/Ink UI code, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/TestMdRunView-E4UDWIGT.js | AI (source-diff): Standard esbuild/rollup bundle output; readable React/Ink run view component, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/testmd-actions-O4NTH2OR.js | AI (source-diff): Standard esbuild/rollup bundle output; readable test action logic, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/SummaryBox-FDNFQYSC.js | AI (source-diff): Standard esbuild/rollup bundle output; readable UI summary component, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/run-test-md-5TNUTTEA.js | AI (source-diff): Standard esbuild/rollup bundle output; readable test-replay logic, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/generate-headless-7UYAPXE5.js | AI (source-diff): Minified rollup/vite bundle output; content is application UI/API code, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/HelpView-2IYG5AC3.js | AI (source-diff): Minified rollup/vite bundle output; content is HelpView UI component, not obfuscated malware. | ai | |
| source-diff | net-exec-file:dist/chunk-6NEJEMA6.js | AI (source-diff): Bundled CLI chunk; network calls are the app's own API client, not a dropper. Stable pattern for this package. | ai | |
| source-diff | obfuscated-file:dist/run-test-md-3WLYVWFB.js | AI (source-diff): Minified ESM bundle for test-md replay; long lines are standard bundler output, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/HelpView-MXW6PGOP.js | AI (source-diff): Minified ESM bundle for CLI help view; long lines are standard bundler output, not obfuscation. | ai | |
| source-diff | net-exec-file:dist/chunk-MBZOXXA4.js | AI (source-diff): Bundled CLI chunk; network calls and dynamic require are standard patterns in this tool's minified ESM output. | ai | |
| source-diff | obfuscated-file:dist/run-test-md-E2K4GEOB.js | AI (source-diff): Minified CLI bundle chunk; content is consistent with test-runner logic, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/HelpView-7LKN3TJT.js | AI (source-diff): Minified React/Ink UI component; long lines are standard bundler output, not obfuscation. | ai | |
| source-diff | net-exec-file:dist/chunk-VUIXILBR.js | AI (source-diff): Minified CLI bundle; network calls and dynamic require are part of normal CLI/browser-automation functionality, not dropper behavior. | ai | |
| source-diff | net-exec-file:dist/chunk-SOUKF5VL.js | AI (source-diff): Bundled CLI tool; network calls and dynamic require are standard in minified ESM bundles for this package. | ai | |
| source-diff | obfuscated-file:dist/HelpView-DOYUDPWZ.js | AI (source-diff): Minified React/Ink UI component; content is clearly legitimate CLI help view code. | ai | |
| source-diff | obfuscated-file:dist/HelpView-64BD2OKB.js | AI (source-diff): Minified React/Ink component referencing official LambdaTest repo URLs; standard build artifact. | ai | |
| source-diff | net-exec-file:dist/chunk-6JF2T7BO.js | AI (source-diff): Bundled CLI dist chunk; network calls are legitimate API interactions, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/HelpView-AZGTX7MR.js | AI (source-diff): Standard minified Vite/esbuild output for a React/Ink help view; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/HelpView-ZR5EXR7F.js | AI (source-diff): Minified Vite/esbuild bundle; sample shows legitimate React/Ink UI code for the kane-cli help view. | ai | |
| source-diff | net-exec-file:dist/chunk-RFGE6ULZ.js | AI (source-diff): Bundled CLI output using createRequire for ESM/CJS interop; network calls are module imports, not exfiltration. | ai | |
| source-diff | obfuscated-file:dist/HelpView-2ZFLX7JC.js | AI (source-diff): Minified React/Ink help view component; long lines are normal for bundled UI code, not obfuscation. | ai | |
| source-diff | net-exec-file:dist/chunk-UFNKCPUB.js | AI (source-diff): Large bundled CLI chunk; sample shows standard minified utilities, no malicious network/exec patterns. | ai | |
| source-diff | obfuscated-file:dist/HelpView-WVCLJJMT.js | AI (source-diff): Standard minified ESM bundle output from a build tool; content is clearly a CLI help view component. | ai | |
| source-diff | net-exec-file:dist/chunk-PSB4TGW4.js | AI (source-diff): Bundled CLI tool; network refs are URL strings in help/config, not dynamic fetch+eval dropper patterns. | ai | |
| source-diff | net-exec-file:dist/chunk-L2HVRWIT.js | AI (source-diff): Minified bundle for a CLI tool; sample shows standard library code (brace-expansion, path utils), not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/HelpView-DMXQKJYW.js | AI (source-diff): Minified React/Ink help-screen component; content is benign CLI UI code. | ai | |
| source-diff | net-exec-file:dist/chunk-V7M72PLH.js | AI (source-diff): Bundled CLI dist file; sample shows standard library code (brace-expansion, path utils), not malicious dropper behavior. | ai | |
| source-diff | large-new-source-files | AI (source-diff): CLI tool with bundled dist; large file count is expected for this package type. | ai | |
| source-diff | obfuscated-file:dist/HelpView-SIIWVMWF.js | AI (source-diff): Minified React/Ink component rendering CLI help text; matches declared LambdaTest/kane-cli repo and product. | ai | |
| source-diff | net-exec-file:dist/chunk-D3YS6JDD.js | AI (source-diff): Bundled CLI utility code (glob/braces parsing); network calls are part of legitimate CLI functionality, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/HelpView-QSQBGS3R.js | AI (source-diff): Minified bundle from LambdaTest's kane-cli; sample content matches legitimate CLI help view UI. | ai | |
| source-diff | net-exec-file:dist/chunk-GNMGQOGV.js | AI (source-diff): Bundled CLI output; sample shows standard library code (glob/brace-expansion), not dropper/loader malware. | ai | |
| phantom-deps | phantom-dep:open | AI (phantom-deps): Declared dependency used via dynamic imports in CLI framework; stable pattern. | ai | |
| phantom-deps | phantom-dep:commander | AI (phantom-deps): Declared dependency used via dynamic imports in CLI framework; stable pattern. | ai | |
| phantom-deps | phantom-dep:archiver | AI (phantom-deps): Declared implicit runtime binary dependency; stable for this package. | ai | |
| phantom-deps | phantom-dep:sharp | AI (phantom-deps): Declared implicit runtime binary dependency; stable for this package. | ai | |
| phantom-deps | phantom-dep:react | AI (phantom-deps): Declared dependency used via dynamic imports in CLI framework; stable pattern. | ai | |
| phantom-deps | phantom-dep:chalk | AI (phantom-deps): Declared dependency used via dynamic imports in CLI framework; stable pattern. | ai | |
| phantom-deps | phantom-dep:ink | AI (phantom-deps): Declared dependency used via dynamic imports in CLI framework; stable pattern. | ai | |
Versions (showing 21 of 21)
| Version | Deps | Published |
|---|---|---|
| 0.4.0 | 7 / 0 | |
| 0.3.7 | 7 / 0 | |
| 0.3.6 | 7 / 0 | |
| 0.3.5 | 7 / 0 | |
| 0.3.4 | 7 / 0 | |
| 0.3.3 | 7 / 0 | |
| 0.3.2 | 7 / 0 | |
| 0.3.1 | 7 / 0 | |
| 0.3.0 | 7 / 0 | |
| 0.2.11 | 7 / 0 | |
| 0.2.10 | 7 / 0 | |
| 0.2.9 | 7 / 0 | |
| 0.2.8 | 7 / 0 | |
| 0.2.7 | 7 / 0 | |
| 0.2.6 | 7 / 0 | |
| 0.2.5 | 7 / 0 | |
| 0.2.4 | 7 / 0 | |
| 0.2.3 | 7 / 0 | |
| 0.2.2 | 7 / 0 | |
| 0.2.1 | 7 / 0 | |
| 0.2.0 | 7 / 0 | |
v0.4.0
4 findings
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.7
6 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.6
4 findings
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.5
4 findings
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.4
2 findings
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.3
2 findings
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.2
2 findings
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.1
2 findings
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.0
2 findings
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.11
3 findings
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.10
3 findings
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.9
3 findings
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.8
3 findings
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.7
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.6
3 findings
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.5
3 findings
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.4
3 findings
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.3
3 findings
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.2
3 findings
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.1
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.0
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.