New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details → →

Book a Demo Sign in

Book a Demo Sign in

@github/copilot

Package Overview

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies

@github/copilot - npm Package Compare versions

Comparing version

to

+8

-8

package.json

		{
		"name": "@github/copilot",
		"description": "GitHub Copilot CLI brings the power of Copilot coding agent directly to your terminal.",
		"version": "1.0.19",
		"version": "1.0.20-0",
		"license": "SEE LICENSE IN LICENSE.md",
		@@ -65,12 +65,12 @@ "type": "module",
		"buildMetadata": {
		"gitCommit": "5188a58"
		"gitCommit": "d88c99c"
		},
		"optionalDependencies": {
		"@github/copilot-linux-x64": "1.0.19",
		"@github/copilot-linux-arm64": "1.0.19",
		"@github/copilot-darwin-x64": "1.0.19",
		"@github/copilot-darwin-arm64": "1.0.19",
		"@github/copilot-win32-x64": "1.0.19",
		"@github/copilot-win32-arm64": "1.0.19"
		"@github/copilot-linux-x64": "1.0.20-0",
		"@github/copilot-linux-arm64": "1.0.20-0",
		"@github/copilot-darwin-x64": "1.0.20-0",
		"@github/copilot-darwin-arm64": "1.0.20-0",
		"@github/copilot-win32-x64": "1.0.20-0",
		"@github/copilot-win32-arm64": "1.0.20-0"
		}
		}

app.js

Sorry, the diff of this file is too big to display

changelog.json

Sorry, the diff of this file is too big to display

prebuilds/darwin-arm64/computer.node

Sorry, the diff of this file is not supported yet

prebuilds/darwin-arm64/keytar.node

Sorry, the diff of this file is not supported yet

prebuilds/darwin-arm64/pty.node

Sorry, the diff of this file is not supported yet

prebuilds/darwin-arm64/spawn-helper

Sorry, the diff of this file is not supported yet

prebuilds/darwin-x64/computer.node

Sorry, the diff of this file is not supported yet

prebuilds/darwin-x64/keytar.node

Sorry, the diff of this file is not supported yet

prebuilds/darwin-x64/pty.node

Sorry, the diff of this file is not supported yet

prebuilds/darwin-x64/spawn-helper

Sorry, the diff of this file is not supported yet

prebuilds/linux-arm64/computer.node

Sorry, the diff of this file is not supported yet

prebuilds/linux-x64/computer.node

Sorry, the diff of this file is not supported yet

prebuilds/win32-arm64/computer.node

Sorry, the diff of this file is not supported yet

prebuilds/win32-arm64/conpty_console_list.node

Sorry, the diff of this file is not supported yet

prebuilds/win32-arm64/conpty.node

Sorry, the diff of this file is not supported yet

prebuilds/win32-arm64/conpty/conpty.dll

Sorry, the diff of this file is not supported yet

prebuilds/win32-arm64/conpty/OpenConsole.exe

Sorry, the diff of this file is not supported yet

prebuilds/win32-arm64/keytar.node

Sorry, the diff of this file is not supported yet

prebuilds/win32-arm64/win_error_mode.node

Sorry, the diff of this file is not supported yet

prebuilds/win32-x64/computer.node

Sorry, the diff of this file is not supported yet

prebuilds/win32-x64/conpty_console_list.node

Sorry, the diff of this file is not supported yet

prebuilds/win32-x64/conpty.node

Sorry, the diff of this file is not supported yet

prebuilds/win32-x64/conpty/conpty.dll

Sorry, the diff of this file is not supported yet

prebuilds/win32-x64/conpty/OpenConsole.exe

Sorry, the diff of this file is not supported yet

prebuilds/win32-x64/keytar.node

Sorry, the diff of this file is not supported yet

prebuilds/win32-x64/win_error_mode.node

Sorry, the diff of this file is not supported yet

ripgrep/bin/darwin-arm64/rg

Sorry, the diff of this file is not supported yet

ripgrep/bin/darwin-x64/rg

Sorry, the diff of this file is not supported yet

ripgrep/bin/win32-arm64/rg.exe

Sorry, the diff of this file is not supported yet

ripgrep/bin/win32-x64/rg.exe

Sorry, the diff of this file is not supported yet

schemas/session-events.schema.json

Sorry, the diff of this file is too big to display

sdk/index.d.ts

Sorry, the diff of this file is too big to display

sdk/index.js

Sorry, the diff of this file is too big to display

New alerts

Network access

Supply chain risk

This module accesses the network.

Found 1 instance in 1 package

System shell access

Supply chain risk

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Found 1 instance in 1 package

Dynamic code execution

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Debug access

Supply chain risk

Uses debug, reflection and dynamic code execution features.

Found 1 instance in 1 package

Dynamic module loading

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 18 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Potential code anomaly (AI signal)

Supply chain risk

AI has identified unusual behaviors that may pose a security risk.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

Not semver v1

Quality

Package is not semver >=1. This means it is not stable and does not support ^ ranges.

Found 1 instance in 1 package

Embedded URLs or IPs

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

Fixed alerts

Network access

Supply chain risk

This module accesses the network.

Found 1 instance in 1 package

System shell access

Supply chain risk

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Found 1 instance in 1 package

Dynamic code execution

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Debug access

Supply chain risk

Uses debug, reflection and dynamic code execution features.

Found 1 instance in 1 package

Dynamic module loading

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 18 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

Embedded URLs or IPs

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package