AGENTSCORE-2026-0018: `@planu/cli` risk change detected

DEV Community·Michael Kayode Onyekwere·about 1 month ago

@planu/cli updated from 2.12.0 to 2.12.1. Score changed 85/100 to 65/100 (-20). Risk: LOW to ELEVATED. 3 findings.

Package

  • Name: @planu/cli
  • Version: 2.12.0 to 2.12.1
  • Score: 85/100 to 65/100
  • Risk: LOW to ELEVATED

Findings

  • [MEDIUM] no_repository: Package has no repository link — source code is not verifiable
  • [HIGH] command_injection: Potential command injection: shell execution with template literal input
  • [LOW] no_provenance: Package is not published with provenance attestations or trusted publishing. Published by: planudev

Full advisory: AGENTSCORE-2026-0018

Verdict API: curl 'https://agentscores.xyz/api/verdict?npm=%40planu%2Fcli'

Auto-published by AgentScore MCP security monitoring.
