Files
wehub-resource-sync 23f7624596
ADR-166 MCP Bridge Security Lock / Static-source security lock (push) Failing after 0s
ADR-166 MCP Bridge Security Lock / Compose default binds loopback + Mongo has auth (push) Failing after 2s
CodeQL Advanced / Analyze (rust) (push) Failing after 0s
ADR-166 MCP Bridge Security Lock / plugin-agent-federation bindHost default (push) Failing after 1s
ADR-166 MCP Bridge Security Lock / Runtime behavior — 401 + terminal gate + fail-closed (push) Failing after 4s
business-pods-smoke / smoke (push) Failing after 1s
all-plugins-smoke / smoke-all (push) Failing after 2s
CI/CD Pipeline / Security & Code Quality (push) Failing after 1s
CI/CD Pipeline / Test Suite (ubuntu-latest) (push) Failing after 1s
CI/CD Pipeline / Build & Package (macos-latest) (push) Has been skipped
CI/CD Pipeline / Build & Package (ubuntu-latest) (push) Has been skipped
CI/CD Pipeline / Build & Package (windows-latest) (push) Has been skipped
CI/CD Pipeline / Documentation & Examples (push) Failing after 1s
Clone Tracker (14-day rolling) / Snapshot clones for ruflo ecosystem (push) Failing after 1s
CodeQL Advanced / Analyze (actions) (push) Failing after 1s
CodeQL Advanced / Analyze (javascript-typescript) (push) Failing after 1s
federation-peer-rust / stable-noop (push) Failing after 1s
metaharness-ci / score (push) Failing after 1s
metaharness-ci / router-compat (push) Failing after 0s
metaharness-ci / similarity-tests (push) Failing after 0s
no-agentbbs-smoke / smoke-without-agentbbs (push) Failing after 1s
V3 CI/CD Pipeline / Build V3 (windows-latest) (push) Has been skipped
codex-integration-audit / Codex integration audit (push) Failing after 1s
helpers-manifest-guard / guard (push) Failing after 1s
🔗 Cross-Agent Integration Tests / 🤝 Agent Coordination Tests (push) Has been skipped
🔗 Cross-Agent Integration Tests / 🧠 Memory Sharing Integration (push) Has been skipped
🔗 Cross-Agent Integration Tests / 🛡️ Fault Tolerance Tests (push) Has been skipped
🔗 Cross-Agent Integration Tests / ⚡ Performance Integration Tests (push) Has been skipped
metaharness-ci / mcp-scan (push) Failing after 1s
metaharness-ci / eject-dryrun (push) Failing after 1s
metaharness-ci / metaharness-real-data (push) Failing after 0s
no-cli-optdep-bloat-2561 / guard (push) Failing after 1s
no-metaharness-smoke / smoke-without-metaharness (push) Failing after 1s
no-phantom-agentic-flow-subpath / guard (push) Failing after 1s
🔄 Automated Rollback Manager / 🚨 Failure Detection (push) Failing after 1s
V3 CI/CD Pipeline / Plugin hooks smoke / ubuntu-latest / Node 22 (push) Failing after 1s
V3 CI/CD Pipeline / ruflo-graph-intelligence build + test smoke (#2044, ADR-123) (push) Failing after 1s
CVE Audit Gate / Audit root (critical-blocking) (push) Failing after 2s
cost-tracker-smoke / smoke (push) Failing after 3s
oia-audit-weekly / audit (push) Failing after 2s
ruflo-agent-smoke / ruflo-agent structural smoke (push) Failing after 1s
📊 Status Badges Update / 📊 Update Status Badges (push) Failing after 1s
V3 CI/CD Pipeline / Static regression guards (#2267 YAML + (push) Failing after 1s
V3 CI/CD Pipeline / Test V3 Packages (push) Failing after 0s
V3 CI/CD Pipeline / agent_execute provider routing smoke (#2042) (push) Failing after 0s
CVE Audit Gate / Audit v3 (critical-blocking) (push) Failing after 1s
federation-peer-rust / stable-native (push) Failing after 2s
🔗 Cross-Agent Integration Tests / 🚀 Integration Test Setup (push) Failing after 2s
neural-trader-smoke / runtime-smoke (push) Failing after 1s
V3 CI/CD Pipeline / Build V3 (macos-latest) (push) Has been skipped
V3 CI/CD Pipeline / Build V3 (ubuntu-latest) (push) Has been skipped
V3 CI/CD Pipeline / Type Check V3 (push) Failing after 1s
V3 CI/CD Pipeline / Smoke (no better-sqlite3) / ubuntu-latest / Node 24 (push) Failing after 1s
V3 CI/CD Pipeline / Smoke (no better-sqlite3) / ubuntu-latest / Node 22 (push) Failing after 2s
V3 CI/CD Pipeline / browser rvf create flag smoke (#2015) (push) Failing after 0s
V3 CI/CD Pipeline / Dependency review (#2046) (push) Has been skipped
V3 CI/CD Pipeline / Supply-chain audit (#2046) (push) Failing after 0s
V3 CI/CD Pipeline / witness marker drift smoke (#2021) (push) Failing after 1s
V3 CI/CD Pipeline / neural-trader portfolio CG smoke (#2068, ADR-126 Phase 3) (push) Failing after 1s
V3 CI/CD Pipeline / neural-trader backtest signing smoke (#2068, ADR-126 Phase 4) (push) Failing after 1s
V3 CI/CD Pipeline / kg-extract type-import classification smoke (#2049) (push) Failing after 0s
V3 CI/CD Pipeline / witness verify precondition smoke (#1880) (push) Failing after 2s
V3 CI/CD Pipeline / neural-trader pipeline risk-gate smoke (#2068, ADR-126 Phase 5) (push) Failing after 0s
V3 CI/CD Pipeline / neural-trader feature attribution smoke (#2068, ADR-126 Phase 6) (push) Failing after 0s
V3 CI/CD Pipeline / plugin-registry signature verification smoke (#1922, CWE-347) (push) Failing after 4s
V3 CI/CD Pipeline / memory stats legacy-DB smoke (#2120) (push) Failing after 4s
V3 CI/CD Pipeline / github deprecated actions smoke (#2089, ADR-127 Phase 3) (push) Failing after 1s
V3 CI/CD Pipeline / graph query + pathfinder smoke (ADR-130 P2+P5) (push) Has been skipped
V3 CI/CD Pipeline / graph trajectory hooks smoke (ADR-130 P3) (push) Has been skipped
V3 CI/CD Pipeline / graph plugin adapter smoke (ADR-130 P4) (push) Has been skipped
V3 CI/CD Pipeline / graph benchmark (ADR-130 P6) (push) Has been skipped
V3 CI/CD Pipeline / statusline generator delegation smoke (#2195) (push) Failing after 1s
V3 CI/CD Pipeline / wizard init regression guard (#2206 (push) Failing after 1s
V3 CI/CD Pipeline / memory no-stray-db smoke (ADR-125 P7) (push) Failing after 1s
V3 CI/CD Pipeline / github-safe injection smoke (#2089, ADR-127 Phase 1) (push) Failing after 1s
V3 CI/CD Pipeline / github actions pin smoke (#2089, ADR-127 Phase 1) (push) Failing after 1s
V3 CI/CD Pipeline / github attribution opt-in smoke (#2089, ADR-127 Phase 4) (push) Failing after 1s
V3 CI/CD Pipeline / pre-bash hook safety smoke (#2017) (push) Failing after 1s
V3 CI/CD Pipeline / Memory import smoke / ubuntu-latest (push) Failing after 0s
V3 CI/CD Pipeline / MCP protocol smoke / ubuntu-latest (push) Failing after 2s
V3 CI/CD Pipeline / ruvllm WASM auto-init smoke (#2086) (push) Failing after 4s
V3 CI/CD Pipeline / MCP paired-tool round-trip smoke (#1889) (push) Failing after 1s
V3 CI/CD Pipeline / Plugin package install-safety (#1902/#1903/#1904) (push) Failing after 1s
V3 CI/CD Pipeline / Tool description discoverability (ADR-112) (push) Failing after 3s
V3 CI/CD Pipeline / CLI npx-install smoke (#1147 / (22) (push) Failing after 1s
V3 CI/CD Pipeline / CLI npx-install smoke (#1147 / (24) (push) Failing after 1s
V3 CI/CD Pipeline / Windows hook shim smoke (#2132) / ubuntu-latest (push) Failing after 2s
V3 CI/CD Pipeline / Windows hook execution smoke (#2132) / ubuntu-latest (push) Failing after 1s
V3 CI/CD Pipeline / Windows init hooks smoke (#2132) / ubuntu-latest (push) Failing after 1s
V3 CI/CD Pipeline / Vector-index dimension audit (#1947) (push) Failing after 0s
V3 CI/CD Pipeline / Hook-command install safety (#1921) (push) Failing after 1s
V3 CI/CD Pipeline / ToolOutputGuardrail smoke (ADR-131, (push) Failing after 1s
V3 CI/CD Pipeline / init-bundle invariants smoke (#2095, ADR-128 Phase 5) (push) Failing after 1s
V3 CI/CD Pipeline / wasm provider bridge smoke (ADR-129 P1) (push) Failing after 2s
V3 CI/CD Pipeline / wasm gallery CRUD smoke (ADR-129 P3) (push) Failing after 1s
V3 CI/CD Pipeline / wasm plugin bridge smoke (ADR-129 P4) (push) Failing after 0s
V3 CI/CD Pipeline / wasm compose smoke (ADR-129 P2) (push) Failing after 4s
V3 CI/CD Pipeline / graph schema smoke (ADR-130 P1) (push) Failing after 0s
Validate Marketplace / validate (push) Failing after 1s
🔍 Verification Pipeline / 🚀 Setup Verification (push) Failing after 1s
🔍 Verification Pipeline / 🛡️ Security Verification (push) Has been skipped
🔍 Verification Pipeline / 📝 Code Quality (push) Has been skipped
🔍 Verification Pipeline / 🧪 Test Verification (${{ matrix.os }}, Node ${{ matrix.node }}) (push) Has been skipped
🔍 Verification Pipeline / 🏗️ Build Verification (push) Has been skipped
🔍 Verification Pipeline / 📚 Documentation Verification (push) Has been skipped
CVE Audit Gate / High-severity report (warn only) (push) Has been cancelled
🔄 Automated Rollback Manager / 🔄 Execute Rollback (push) Has been cancelled
🔄 Automated Rollback Manager / ✅ Post-Rollback Verification (push) Has been cancelled
🔄 Automated Rollback Manager / 📊 Rollback Monitoring (push) Has been cancelled
V3 CI/CD Pipeline / Windows init hooks smoke (#2132) / windows-latest (push) Has been cancelled
V3 CI/CD Pipeline / Windows hook execution smoke (#2132) / macos-latest (push) Has been cancelled
V3 CI/CD Pipeline / Windows hook execution smoke (#2132) / windows-latest (push) Has been cancelled
🔄 Automated Rollback Manager / ⏳ Manual Rollback Approval (push) Has been cancelled
V3 CI/CD Pipeline / MCP protocol smoke / macos-latest (push) Has been cancelled
V3 CI/CD Pipeline / Memory import smoke / macos-latest (push) Has been cancelled
V3 CI/CD Pipeline / Windows hook shim smoke (#2132) / macos-latest (push) Has been cancelled
V3 CI/CD Pipeline / Windows hook shim smoke (#2132) / windows-latest (push) Has been cancelled
V3 CI/CD Pipeline / Windows init hooks smoke (#2132) / macos-latest (push) Has been cancelled
V3 CI/CD Pipeline / Witness verify (signed manifest) / macos-latest (push) Has been cancelled
V3 CI/CD Pipeline / Witness verify (signed manifest) / ubuntu-latest (push) Has been cancelled
V3 CI/CD Pipeline / Witness verify (signed manifest) / windows-latest (push) Has been cancelled
V3 CI/CD Pipeline / Publish to npm (alpha) (push) Has been cancelled
V3 CI/CD Pipeline / Smoke (no better-sqlite3) / macos-latest / Node 22 (push) Has been cancelled
V3 CI/CD Pipeline / Plugin hooks smoke / macos-latest / Node 22 (push) Has been cancelled
CI/CD Pipeline / Deploy & Release (push) Has been cancelled
CI/CD Pipeline / CI Status (push) Has been cancelled
🔗 Cross-Agent Integration Tests / 📊 Integration Test Report (push) Has been cancelled
🔄 Automated Rollback Manager / 🔍 Pre-Rollback Validation (push) Has been cancelled
🔍 Verification Pipeline / ⚡ Performance Verification (push) Has been cancelled
🔍 Verification Pipeline / 📊 Verification Report (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 12:02:19 +08:00

7.0 KiB

Socket.dev Alert Baseline — claude-flow

Last revised: 2026-06-09 against claude-flow@3.10.40 Source: https://socket.dev/npm/package/claude-flow/alerts/3.10.40 Tracking issue: ruvnet/ruflo#2339

TL;DR

Most of Socket's alerts on claude-flow describe legitimate behaviour of a CLI agent platform (network access, filesystem access, env-var reads, shell access, native modules, etc.) and cannot and should not be "fixed" — they are intrinsic to what the package does. This doc separates the inherent-and-expected categories from the small set that's actually actionable, so the next reviewer doesn't go down the same rabbit hole.

What's protected today

Layer Mechanism Status
Ruflo dev tree overrides block in root package.json (lines 77-107) — pins protobufjs >=8.2.0, uuid >=14.0.0, plus 25+ other transitive forces npm audit returns 0 vulnerabilities on the working tree
Ruflo dev tree supply-chain-audit CI job in .github/workflows/v3-ci.yml (line 629) — runs npm audit --audit-level=high, lockfile integrity, top-level allowlist, typosquat reject, publisher trust snapshot Gates every PR + push to main
Dependency review dependency-review CI job (line 675) — GitHub's dependency-review-action checks new vulnerable deps in PRs ⚠️ Gated on Pages-style Dependency Graph being enabled at repo level; currently continue-on-error: true

What's NOT fully fixable from inside claude-flow

npm overrides in our root package.json only apply when we are the root of the dep tree. When a consumer runs npm install claude-flow@3.10.40, their root package.json is the one whose overrides apply — ours are ignored. This is the same trap documented in CLAUDE.md for the ruflo wrapper (#2112).

A clean install of claude-flow@3.10.40 therefore still pulls in:

Severity Package CVE summary Root cause
Critical protobufjs Arbitrary code execution via bytes-field defaults in generated toObject code Transitive of onnx-protoonnxruntime-web@xenova/transformers
Moderate uuid Missing buffer bounds check in v3/v5/v6 when buf is provided Transitive — multiple paths
High (cascade) onnx-proto, onnxruntime-web, @xenova/transformers, agentdb, agentic-flow, @claude-flow/memory, @claude-flow/neural, @claude-flow/plugin-gastown-bridge, claude-flow itself All downstream of the protobufjs + uuid root causes

Why this can't be fixed in this PR: the upstream @xenova/transformers@2.17.2 (latest) still pins onnxruntime-web@1.14.0 which carries the bad onnx-protoprotobufjs chain. No clean upstream version exists today. Resolving consumer-side requires either:

  1. A patched @xenova/transformers release (waiting on upstream), or migrating to @huggingface/transformers (the rebranded successor — needs evaluation), OR
  2. Republishing the affected @claude-flow/* sub-packages with explicit transitive pins in their dependencies blocks (multi-PR coordinated effort), OR
  3. Dropping the optional ML stack (agentic-flow, @xenova/transformers) — would lose ONNX-backed features

Tracked in #2339 as separate follow-up work.

Inherent flags — what they mean, why we keep them

Socket fires these on every release. They describe normal CLI/agent behaviour and are not signals of a bug.

Alert Count Why it's normal here
Network access 68 pkgs HTTP clients (Anthropic SDK, MCP transports, fetch-based tools)
Filesystem access 82 pkgs Universal — anything reading/writing files (memory backend, config, logs)
Environment variable access 84 pkgs process.env.ANTHROPIC_API_KEY, CLAUDE_FLOW_*, etc. — configuration
Shell access 29 pkgs child_process — used by every native-module installer, hook runners, npx-style spawning
Install scripts 7 pkgs Native modules: better-sqlite3, hnswlib-node, onnxruntime-node, @ruvector/*
Native code 5 pkgs Compiled binaries from the install-scripts row
URL strings 108 pkgs Every HTTP client embeds endpoint URLs as string literals
Debug access 14 pkgs The debug package and reflection-based helpers
Dynamic require 16 pkgs Plugin system (mcp, hooks, agents) + conditional optional-dep loading
Minified code 10 pkgs Some libraries ship pre-bundled (undici, axios internals, etc.)
Unpopular package 29 pkgs Long-tail transitives — popularity is not a security signal
Unmaintained 64 pkgs Long-tail transitives stale >5 years — checked against CVE/deprecation separately
New author 20 pkgs Maintainer changes — informational, not a vuln

False positives we've explicitly triaged

Alert What Socket said Reality
AI-detected possible typosquat → "did you mean z-schema?" Suggested zod is a typosquat of z-schema zod is a 10M-weekly-download canonical TypeScript schema library, not a typosquat. Socket's AI guess is wrong.
AI-detected potential security risk 15 instances in 7 packages Heuristic-only; none corroborated by an actual CVE or code review
AI-detected potential code anomaly 52 instances in 46 packages Same — heuristic-only
Obfuscated code 17 instances in 11 packages All match the "pre-bundled / minified" pattern (undici, axios internals); none match the active-obfuscation-malware pattern

Operational policy

  1. Root tree must stay green. The supply-chain-audit job in v3-ci.yml enforces npm audit --audit-level=high on every PR. Adding a new direct dep that introduces a HIGH/CRITICAL fails CI.
  2. Overrides are a first-line tool. If a new transitive CVE lands, add an overrides entry pinning to a patched version. The current set (root package.json lines 77-107) is the precedent.
  3. Document gaps before merging. When a CVE can't be cleanly overridden (e.g., the protobufjs cascade documented above), update this file with the rationale rather than silently ignoring it.
  4. Re-baseline this doc when claude-flow versions bump. The alert counts here are tied to 3.10.40 — when the version moves, re-run the audit (scripts/probe-nested-spawn-depth.mjs style) and update the tables.

When to revisit

  • Quarterly: re-check upstream for @xenova/transformers / onnxruntime-web patched versions
  • On Socket alert change: if Socket flags something new at critical severity for a direct dep, that's a real signal and warrants immediate triage
  • On new direct dep addition: the supply-chain-audit job will catch this at PR time; no manual checklist needed
  • ADR-097 — federation budget circuit-breaker (cost-side supply chain)
  • ADR-145 — plugin supply-chain integrity (install-time)
  • ADR-144 — authorization propagation (action-time, ADR-131 is content-time)
  • Issue #2046 — original supply-chain hardening (the source of supply-chain-audit job)
  • Issue #2339 — this baseline + Socket alert response