vg-coder-cli
+1
-1
| { | ||
| "name": "vg-coder-cli", | ||
| "version": "2.0.65", | ||
| "version": "2.0.66", | ||
| "description": "🚀 CLI tool to analyze projects, concatenate source files, count tokens, and export HTML with syntax highlighting and copy functionality", | ||
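Review bot: The `"version"` line moves from 2.0.65 to 2.0.66, a patch-level bump, while the same release appears to replace `POST /api/launcher/eval` with `POST /api/launcher/exec` and changes the required body field from `code` to `cmd`. Any caller of the old route breaks on upgrade, so this warrants at least a minor bump and a changelog entry naming the removed route and the new request body.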
@@ -5,0 +5,0 @@ "main": "src/index.js", |
@@ -802,12 +802,17 @@ const express = require('express'); | ||
| // Run JS inside the launcher SW. Body: { chromeId? | workerLabel?, code, timeoutMs? } | ||
| // Code is wrapped in `async () => { ${code} }` — use `return` to surface | ||
| // a value. Result must JSON-serialize. Debug-only. | ||
| this.app.post('/api/launcher/eval', async (req, res) => { | ||
| // Run a predefined chrome.* command inside the launcher SW. Manifest V3 | ||
| // CSP forbids new Function() in service workers, so eval was replaced by | ||
| // a fixed command map. Body: | ||
| // { chromeId? | workerLabel?, cmd, args?, timeoutMs? } | ||
| // Available cmds (see launcher.ts execCommands): | ||
| // tabs.query | tabs.get | tabs.update | tabs.reload | ||
| // storage.sync.get | storage.sync.set | storage.local.get | ||
| // runtime.reload | windows.list | cookies.get | ||
| this.app.post('/api/launcher/exec', async (req, res) => { | ||
| try { | ||
| const body = req.body || {}; | ||
| if (!body.code) return res.status(400).json({ error: 'code required' }); | ||
| if (!body.cmd) return res.status(400).json({ error: 'cmd required' }); | ||
| const opts = launcherOpts(body) || (body.all ? { all: true } : {}); | ||
| const timeoutMs = Math.min(Math.max(parseInt(body.timeoutMs, 10) || 10_000, 1_000), 30_000); | ||
| const result = await taskQueue.requestLauncher('launcher:eval', { code: body.code }, opts, timeoutMs); | ||
| const result = await taskQueue.requestLauncher('launcher:exec', { cmd: body.cmd, args: body.args }, opts, timeoutMs); | ||
| res.json(result); | ||
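Review bot: In the `/api/launcher/exec` handler, `if (!body.cmd)` only checks that `cmd` is present; the handler then forwards `{ cmd: body.cmd, args: body.args }` to the launcher without checking `cmd` against the command list documented in the comment or validating the type and shape of `args`. Enforce the allowlist here as well as in `launcher.ts`, so that an unknown command is rejected with a 400 before it is queued, and validate `args` per command, since the list includes state-changing and sensitive calls (`storage.sync.set`, `tabs.update`, `runtime.reload`, `cookies.get`). The old comment's "Debug-only" marker was dropped and no authentication or origin check is visible in this hunk; if the route is still meant for debugging only, say so in the comment and gate it accordingly. The command list in the comment can also drift from `execCommands`, so consider deriving both from one shared definition.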
@@ -814,0 +819,0 @@ } catch (e) { res.status(launcherErr(e)).json({ error: e.message }); } |
Sorry, the diff of this file is too big to display
AI-detected potential malware
Supply chain risk: AI has identified this package as malware. This is a strong signal that the package may be malicious.
Found 2 instances in 1 package
Network access
Supply chain risk: This module accesses the network.
Found 2 instances in 1 package
Shell access
Supply chain risk: This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.
Found 1 instance in 1 package
Uses eval
Supply chain risk: Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 1 instance in 1 package
Dynamic require
Supply chain risk: Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Environment variable access
Supply chain risk: Package accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 5 instances in 1 package
Filesystem access
Supply chain risk: Accesses the file system, and could potentially read sensitive data.
Found 2 instances in 1 package
Long strings
Supply chain risk: Contains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
URL strings
Supply chain risk: Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
Found 1 instance in 1 package