@work.books/cli
Build tool for workbooks — compiles a multi-file source tree into a single, self-contained .workbook.html.
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
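As an added example (not code from @work.books/cli, its maintainers, or the scanner that produced this page), the Node script below shows what the provenance check above and the per-version "published without Sigstore provenance" findings are about. An npm provenance attestation is a DSSE envelope around an in-toto statement whose subject is the tarball digest and whose SLSA predicate names the source repository and commit the tarball was built from; without it, nothing in the registry metadata ties the artifact to the public source. The packument and attestation are constructed inline and do not describe the package's real registry state; field names follow the npm registry API and the in-toto v1 / SLSA v1 specs; signature and transparency-log verification is deliberately out of scope.

```javascript
// Added example, not code from @work.books/cli or the scanner. An npm provenance
// attestation is a DSSE envelope around an in-toto statement: the subject is the
// tarball digest and the SLSA predicate names the source repo and commit it was
// built from. This decodes such a statement and cross-checks it against the
// registry metadata. Signature and Rekor verification are out of scope (that is
// `npm audit signatures` / sigstore-js). Field names follow the npm registry API
// and the in-toto v1 / SLSA v1 specs; all data below is constructed.

const SLSA_V1 = "https://slsa.dev/provenance/v1";
const INTOTO_V1 = "https://in-toto.io/Statement/v1";

// Constructed tarball digest. npm `integrity` is base64, in-toto digests are hex.
const SHA512_HEX = "ab".repeat(64);
const INTEGRITY = "sha512-" + Buffer.from(SHA512_HEX, "hex").toString("base64");

// Constructed packument shaped like `npm view @work.books/cli --json`. One version
// is given an attestation so both branches run; this is not the real registry state.
const packument = {
  name: "@work.books/cli",
  repository: { type: "git", url: "git+https://github.com/zaius-labs/workbooks.git" },
  versions: {
    "0.5.4": { dist: { integrity: INTEGRITY } },
    "0.6.0": { dist: { integrity: INTEGRITY, attestations: {
      url: "https://registry.npmjs.org/-/npm/v1/attestations/@work.books%2fcli@0.6.0",
      provenance: { predicateType: SLSA_V1 } } } },
  },
};

// Versions whose dist metadata carries no provenance attestation (the scanner's finding).
function versionsWithoutProvenance(pkg) {
  return Object.entries(pkg.versions)
    .filter(([, v]) => !v.dist?.attestations?.provenance)
    .map(([version]) => version);
}

// Constructed in-toto statement of the kind a provenance DSSE payload decodes to.
function makeStatement({ name, version, digestHex, repo, commit }) {
  return {
    _type: INTOTO_V1,
    subject: [{ name: `pkg:npm/${name.replace("@", "%40")}@${version}`, digest: { sha512: digestHex } }],
    predicateType: SLSA_V1,
    predicate: { buildDefinition: { resolvedDependencies: [
      { uri: `git+${repo}@refs/heads/main`, digest: { gitCommit: commit } } ] } },
  };
}

// DSSE wrapping/unwrapping. Signatures are left empty because they are not checked here.
function makeEnvelope(statement) {
  return { payloadType: "application/vnd.in-toto+json",
           payload: Buffer.from(JSON.stringify(statement)).toString("base64"), signatures: [] };
}
function decodeDssePayload(envelope) {
  if (envelope.payloadType !== "application/vnd.in-toto+json") {
    throw new Error(`unexpected payloadType ${envelope.payloadType}`);
  }
  return JSON.parse(Buffer.from(envelope.payload, "base64").toString("utf8"));
}

// git+https://h/o/r.git and git+https://h/o/r@refs/heads/x both become https://h/o/r
function normalizeRepo(url) {
  return url.replace(/^git\+/, "").replace(/@refs\/.*$/, "").replace(/\.git$/, "");
}

// Cross-check a decoded statement against the packument. Returns the inconsistencies;
// an empty list means digest, subject and source repository all agree.
function crossCheck(statement, pkg, version) {
  const problems = [];
  const dist = pkg.versions[version]?.dist;
  if (!dist?.attestations?.provenance) problems.push(`${version}: no provenance attestation in dist`);
  if (statement._type !== INTOTO_V1) problems.push(`unexpected statement type ${statement._type}`);
  if (statement.predicateType !== SLSA_V1) problems.push(`unexpected predicate ${statement.predicateType}`);
  const subject = statement.subject?.[0];
  const expectedName = `pkg:npm/${pkg.name.replace("@", "%40")}@${version}`;
  if (subject?.name !== expectedName) problems.push(`subject ${subject?.name} is not ${expectedName}`);
  const integrityHex = dist?.integrity?.startsWith("sha512-")
    ? Buffer.from(dist.integrity.slice(7), "base64").toString("hex") : null;
  if (!integrityHex || subject?.digest?.sha512 !== integrityHex) problems.push("tarball digest mismatch");
  const deps = statement.predicate?.buildDefinition?.resolvedDependencies ?? [];
  const source = deps.find((d) => typeof d.uri === "string" && d.uri.startsWith("git+https://"));
  if (!source?.digest?.gitCommit) problems.push("provenance names no source commit");
  else if (normalizeRepo(source.uri) !== normalizeRepo(pkg.repository.url)) {
    problems.push(`built from ${source.uri}, not ${pkg.repository.url}`);
  }
  return problems;
}

// Constructed commit id and two statements: one consistent, one claiming a fork.
const COMMIT = "a".repeat(40);
const base = { name: "@work.books/cli", version: "0.6.0", digestHex: SHA512_HEX, commit: COMMIT };
const goodStatement = makeStatement({ ...base, repo: "https://github.com/zaius-labs/workbooks" });
const forkStatement = makeStatement({ ...base, repo: "https://github.com/someone-else/workbooks" });

console.log("no provenance:", versionsWithoutProvenance(packument));
console.log("good:", crossCheck(decodeDssePayload(makeEnvelope(goodStatement)), packument, "0.6.0"));
console.log("fork:", crossCheck(decodeDssePayload(makeEnvelope(forkStatement)), packument, "0.6.0"));
```

Against a live registry the same questions are answered by `npm view @work.books/cli@0.6.0 dist.attestations` (empty output means no attestation was published) and, for packages already installed, `npm audit signatures`, which also verifies the Sigstore signatures this example skips. The point of the cross-check is the last branch: an attestation that verifies cryptographically but names a different repository than package.json claims is exactly the kind of discrepancy a policy should block on.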
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:silent-process-exec | AI (semgrep): Spawns system browser (xdg-open/open/start) to open OAuth URL — standard browser-launch pattern, not a reverse shell. | ai | |
| semgrep | semgrep:silent-process-exec-var | AI (semgrep): Same browser-launch pattern as silent-process-exec; stable false positive for this package. | ai | |
| semgrep | semgrep:shady-links-raw-ip | AI (semgrep): 127.0.0.1 is the loopback OAuth callback listener — not an external raw IP. | ai | |
| semgrep | semgrep:shady-links-tlds | AI (semgrep): URL appears only in a code comment as a usage example, not in live code. | ai | |
| semgrep | semgrep:base64-decode | AI (semgrep): Decodes embedded bundle data from HTML files — documented feature of the tool, not payload obfuscation. | ai | |
| typosquat | typosquat.levenshtein:joi | AI (typosquat): Scoped package @work.books/cli is not plausibly a typosquat of joi; edit-distance match is coincidental. | ai | |
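To make the first three accepted risks concrete, here is an added example (not code from @work.books/cli) of the loopback OAuth flow they describe, written the way a reviewer would want to see it before accepting a "silent detached process" or "raw IP" finding as a false positive: the callback listener binds only to 127.0.0.1 on an ephemeral port, `state` is random and verified, the wait is bounded, and the browser is launched with `spawn()` and an argv array in the same detached, stdio-ignored shape the scanner flags. The authorization endpoint, client id, and all function names are assumptions for illustration; the flow is exercised by standing in for the browser with a local HTTP request rather than actually opening one.

```javascript
// Added example, not code from @work.books/cli. This is the loopback OAuth pattern
// the accepted-risk entries describe, with the checks a reviewer expects before
// waving those findings through: the callback listener binds only to 127.0.0.1 on
// an ephemeral port, `state` is random and verified, the wait is bounded, and the
// browser is launched with spawn() and an argv array (no shell) in the same
// detached shape the scanner flagged. Authorization endpoint and client id are
// assumed. Dynamic imports keep the file runnable as either CommonJS or ESM.

async function startLoopbackCallback({ expectedState, timeoutMs = 120_000 }) {
  const { createServer } = await import("node:http");
  let finish;
  const result = new Promise((resolve, reject) => {
    let done = false;
    finish = (err, value) => {
      if (done) return;
      done = true;
      clearTimeout(timer);
      server.close();
      err ? reject(err) : resolve(value);
    };
  });
  const server = createServer((req, res) => {
    const url = new URL(req.url, "http://127.0.0.1");
    if (url.pathname !== "/callback") { res.statusCode = 404; res.end(); return; }
    const state = url.searchParams.get("state");
    const code = url.searchParams.get("code");
    // A wrong state is answered 400 and otherwise ignored: a stray or forged request
    // must neither be accepted nor cancel the genuine login still in flight.
    if (state !== expectedState || !code) { res.statusCode = 400; res.end("invalid state"); return; }
    res.statusCode = 200;
    res.end("Login complete, you can close this tab.");
    finish(null, { code });
  });
  // Bounded wait so an abandoned login does not leave a listener behind.
  const timer = setTimeout(() => finish(new Error("timed out waiting for callback")), timeoutMs);
  // Port 0 = ephemeral; binding 127.0.0.1 keeps the listener off the network.
  await new Promise((ready) => server.listen(0, "127.0.0.1", ready));
  return { port: server.address().port, result };
}

function buildAuthorizeUrl({ authorizeEndpoint, clientId, redirectUri, state }) {
  const u = new URL(authorizeEndpoint);
  u.searchParams.set("response_type", "code");
  u.searchParams.set("client_id", clientId);
  u.searchParams.set("redirect_uri", redirectUri);
  u.searchParams.set("state", state);
  return u.toString();
}

// Same shape as the flagged publish.mjs lines. Only https URLs are opened, and on
// Windows `&` is escaped because cmd.exe would otherwise read it as a separator.
async function openInBrowser(url) {
  const { spawn } = await import("node:child_process");
  if (!url.startsWith("https://")) throw new Error("refusing to open a non-https URL");
  const [cmd, args] = process.platform === "win32"
    ? ["cmd", ["/c", "start", "", url.replace(/&/g, "^&")]]
    : [process.platform === "darwin" ? "open" : "xdg-open", [url]];
  spawn(cmd, args, { detached: true, stdio: "ignore" }).unref();
}

// Round trip with a stand-in for the browser: one forged callback, then the real one.
// A real login would call openInBrowser(authorizeUrl) after printing it for headless use.
async function demoLoginFlow() {
  const { randomBytes } = await import("node:crypto");
  const { get } = await import("node:http");
  const state = randomBytes(16).toString("hex");
  const { port, result } = await startLoopbackCallback({ expectedState: state, timeoutMs: 5_000 });
  const authorizeUrl = buildAuthorizeUrl({
    authorizeEndpoint: "https://auth.example.invalid/oauth/authorize", // assumed
    clientId: "workbooks-cli",                                          // assumed
    redirectUri: `http://127.0.0.1:${port}/callback`,
    state,
  });
  const status = (path) => new Promise((res, rej) =>
    get(`http://127.0.0.1:${port}${path}`, { headers: { Connection: "close" } },
        (r) => { r.resume(); res(r.statusCode); }).on("error", rej));
  const forged = await status("/callback?code=evil&state=wrong");
  const genuine = await status(`/callback?code=c0de&state=${state}`);
  const { code } = await result;
  return { authorizeUrl, forged, genuine, code };
}

demoLoginFlow().then((r) => console.log(r));
```

What turns this from "looks like a reverse shell" into an acceptable pattern is visible in the code, not in the rule name: the detached child is a browser opener whose argv is a URL the program built itself, the only listener is on the loopback address, and the `state` check is what stops another local process from completing the login on the user's behalf. If any of those three were missing the accepted-risk entries above would not be justified.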
Versions (showing 10 of 10)
| Version | Deps | Published |
|---|---|---|
| 0.6.0 | 9 / 0 | |
| 0.5.4 | 7 / 0 | |
| 0.5.3 | 7 / 0 | |
| 0.5.2 | 7 / 0 | |
| 0.3.0 | 6 / 0 | |
| 0.2.3 | 3 / 0 | |
| 0.2.2 | 3 / 0 | |
| 0.2.1 | 2 / 0 | |
| 0.2.0 | 2 / 0 | |
| 0.1.0 | 2 / 0 | |
v0.6.0
1 finding
Package was published without Sigstore provenance. Consider asking the maintainer to enable provenance publishing from CI/CD.
v0.5.4
3 findings
Silent detached process — runs invisibly in the background (reverse shells, miners). Listed twice for the same line; the accepted-risks table above records two rules, silent-process-exec and silent-process-exec-var, for this browser-launch pattern and accepts both as false positives.
Source: https://github.com/zaius-labs/workbooks/blob/8b5f364adc1d82d0cab68d3b22394508456d8c35/src/commands/publish.mjs#L242
```js
240 | const args = platform === "win32" ? ["/c", "start", "", url] : [url];
241 | try {
> 242 |   spawn(cmd, args, { detached: true, stdio: "ignore" }).unref();
243 | } catch {
244 |   // Headless / no browser — caller already printed the URL.
```
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.5.3
3 findings
Silent detached process — runs invisibly in the background (reverse shells, miners). Listed twice for the same line; the accepted-risks table above records two rules, silent-process-exec and silent-process-exec-var, for this browser-launch pattern and accepts both as false positives.
Source: https://github.com/zaius-labs/workbooks/blob/5abce6606c73c2ca4f3da4d9f5df683aca8c7308/src/commands/publish.mjs#L223
```js
221 | const args = platform === "win32" ? ["/c", "start", "", url] : [url];
222 | try {
> 223 |   spawn(cmd, args, { detached: true, stdio: "ignore" }).unref();
224 | } catch {
225 |   // Headless / no browser — caller already printed the URL.
```
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.5.2
3 findings
Silent detached process — runs invisibly in the background (reverse shells, miners). Listed twice for the same line; the accepted-risks table above records two rules, silent-process-exec and silent-process-exec-var, for this browser-launch pattern and accepts both as false positives.
Source: https://github.com/zaius-labs/workbooks/blob/fc21fe394f223ec775d8bc294bd5eb1797154ee9/src/commands/publish.mjs#L223
```js
221 | const args = platform === "win32" ? ["/c", "start", "", url] : [url];
222 | try {
> 223 |   spawn(cmd, args, { detached: true, stdio: "ignore" }).unref();
224 | } catch {
225 |   // Headless / no browser — caller already printed the URL.
```
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.0
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.3
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.2
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.1
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.0
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.0
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.