npm analyzed 3.13.0

@neriros/ralphy

v3.13.0

npm

An iterative AI task execution framework. Orchestrates multi-phase autonomous work using Claude or Codex engines.

maintainer: rosneri
license: MIT
first seen: 2026-05-22
last seen: 2026-06-16
releases · 30d: 36
short id

Drift inferred · capture-to-capture

HIGH 2026-06-04 code analysis flagged dynamic code execution in @neriros/ralphy

capabilities 0 tools

transport stdio counts 0 tools · 0 res · 0 prompts permission surface via code analysis

no tools enumerated yet for this server.

skills & danger signals npm-tarball

prompt-surface shipped agent-instruction files + hidden-content / dangerous-code findings — quoted from the analyzed source

analyzed v3.13.0 · analyzer v18 · 8h ago

danger signals1

dynamic code executionnew Function()package/dist/mcp/index.js:2893const makeValidate = new Function(`${names_1.default.self}`, `${names_1.default.scope}`, sourceCode);

code evidence v3.13.0 · npm-tarball

evidence-backed findings quoted directly from the published source artifact — not inferred

filesystem 1

fs package/dist/mcp/index.js :6609 import { exists } from "fs/promises";

declared dependencies 27

@fission-ai/openspec@latest
yaml@^2.9.0
@commitlint/cli@^20.5.3
@commitlint/config-conventional@^20.5.3
@modelcontextprotocol/sdk@^1.29.0
@nx/devkit@^22.7.1
@nx/js@^22.7.1
@rosneri/xstate-mcp@^0.1.8
@secretlint/secretlint-rule-preset-recommend@^11.7.1
@swc-node/register@^1.11.1
@swc/core@^1.15.33
@total-typescript/ts-reset@^0.6.1
@types/node@^22.19.18
bun-types@^1.3.13
chalk@^5.6.2
dependency-cruiser@^17.4.0
husky@^9.1.7
knip@^5.88.1
lint-staged@^16.4.0
nx@22.5.3
oxc-parser@^0.126.0
oxfmt@^0.36.0
oxlint@^1.63.0
pdf-parse@^2.4.5
secretlint@^11.7.1
typescript@^5.9.3
zod@^3.25.76