@vibe-forge/adapter-kimi
Kimi CLI Adapter for Vibe Forge
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:env-spread | AI (semgrep): All instances are in test files injecting env vars into child processes — standard test harness pattern, not production secret exposure. | ai | |
| dependencies | unvetted-dep:@vibe-forge/hooks | AI (dependencies): Internal monorepo sibling package; expected dependency for this adapter. | ai | |
| dependencies | unvetted-dep:@vibe-forge/types | AI (dependencies): Internal monorepo sibling package; expected dependency for this adapter. | ai | |
v3.4.0
8 findings
Spreading entire process.env into an object — may capture all secrets 198 | }), 199 | encoding: 'utf8', > 200 | env: { 201 | ...process.env, 202 | __VF_KIMI_CALL_HOOK_PATH__: fakeCallHookPath,
Spreading entire process.env into an object — may capture all secrets 252 | }), 253 | encoding: 'utf8', > 254 | env: { 255 | ...process.env, 256 | __VF_KIMI_CALL_HOOK_PATH__: fakeCallHookPath,
Spreading entire process.env into an object — may capture all secrets 304 | }), 305 | encoding: 'utf8', > 306 | env: { 307 | ...process.env, 308 | __VF_KIMI_CALL_HOOK_PATH__: fakeCallHookPath,
Spreading entire process.env into an object — may capture all secrets 90 | input: JSON.stringify(payload), 91 | encoding: 'utf8', > 92 | env: { 93 | ...process.env, 94 | __VF_PROJECT_WORKSPACE_FOLDER__: payload.cwd || process.env.__VF_PROJECT_WORKSPACE_FOLDER__ || process.cwd()
Spreading entire process.env into an object — may capture all secrets 715 | shareDir, 716 | ...(skillsDir != null ? { skillsDir } : {}), > 717 | spawnEnv: toProcessEnv({ 718 | ...process.env, 719 | ...ctx.env,
Spreading entire process.env into an object — may capture all secrets 71 | ) => { 72 | const paths = resolveKimiManagedToolPaths(ctx.cwd, ctx.env) > 73 | return toProcessEnv({ 74 | ...process.env, 75 | ...ctx.env,
Spreading entire process.env into an object — may capture all secrets 153 | source: resolvedInstallOptions.source ?? options.defaultSource 154 | } > 155 | const probeEnv = toProcessEnv({ 156 | ...process.env, 157 | ...ctx.env
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.3.1
8 findings
Spreading entire process.env into an object — may capture all secrets 198 | }), 199 | encoding: 'utf8', > 200 | env: { 201 | ...process.env, 202 | __VF_KIMI_CALL_HOOK_PATH__: fakeCallHookPath,
Spreading entire process.env into an object — may capture all secrets 252 | }), 253 | encoding: 'utf8', > 254 | env: { 255 | ...process.env, 256 | __VF_KIMI_CALL_HOOK_PATH__: fakeCallHookPath,
Spreading entire process.env into an object — may capture all secrets 304 | }), 305 | encoding: 'utf8', > 306 | env: { 307 | ...process.env, 308 | __VF_KIMI_CALL_HOOK_PATH__: fakeCallHookPath,
Spreading entire process.env into an object — may capture all secrets 90 | input: JSON.stringify(payload), 91 | encoding: 'utf8', > 92 | env: { 93 | ...process.env, 94 | __VF_PROJECT_WORKSPACE_FOLDER__: payload.cwd || process.env.__VF_PROJECT_WORKSPACE_FOLDER__ || process.cwd()
Spreading entire process.env into an object — may capture all secrets 715 | shareDir, 716 | ...(skillsDir != null ? { skillsDir } : {}), > 717 | spawnEnv: toProcessEnv({ 718 | ...process.env, 719 | ...ctx.env,
Spreading entire process.env into an object — may capture all secrets 71 | ) => { 72 | const paths = resolveKimiManagedToolPaths(ctx.cwd, ctx.env) > 73 | return toProcessEnv({ 74 | ...process.env, 75 | ...ctx.env,
Spreading entire process.env into an object — may capture all secrets 153 | source: resolvedInstallOptions.source ?? options.defaultSource 154 | } > 155 | const probeEnv = toProcessEnv({ 156 | ...process.env, 157 | ...ctx.env
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.3.0
8 findings
Spreading entire process.env into an object — may capture all secrets 198 | }), 199 | encoding: 'utf8', > 200 | env: { 201 | ...process.env, 202 | __VF_KIMI_CALL_HOOK_PATH__: fakeCallHookPath,
Spreading entire process.env into an object — may capture all secrets 252 | }), 253 | encoding: 'utf8', > 254 | env: { 255 | ...process.env, 256 | __VF_KIMI_CALL_HOOK_PATH__: fakeCallHookPath,
Spreading entire process.env into an object — may capture all secrets 304 | }), 305 | encoding: 'utf8', > 306 | env: { 307 | ...process.env, 308 | __VF_KIMI_CALL_HOOK_PATH__: fakeCallHookPath,
Spreading entire process.env into an object — may capture all secrets 90 | input: JSON.stringify(payload), 91 | encoding: 'utf8', > 92 | env: { 93 | ...process.env, 94 | __VF_PROJECT_WORKSPACE_FOLDER__: payload.cwd || process.env.__VF_PROJECT_WORKSPACE_FOLDER__ || process.cwd()
Spreading entire process.env into an object — may capture all secrets 715 | shareDir, 716 | ...(skillsDir != null ? { skillsDir } : {}), > 717 | spawnEnv: toProcessEnv({ 718 | ...process.env, 719 | ...ctx.env,
Spreading entire process.env into an object — may capture all secrets 71 | ) => { 72 | const paths = resolveKimiManagedToolPaths(ctx.cwd, ctx.env) > 73 | return toProcessEnv({ 74 | ...process.env, 75 | ...ctx.env,
Spreading entire process.env into an object — may capture all secrets 153 | source: resolvedInstallOptions.source ?? options.defaultSource 154 | } > 155 | const probeEnv = toProcessEnv({ 156 | ...process.env, 157 | ...ctx.env
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.