Skip to content
Thåst Docs

CVE report

Summary

  • Automated audit: Not completed (network access required).
  • Status: PARTIAL — advisory data could not be fetched.

Attempted Audit

  • Command: npm audit --json
  • Result: failed to reach npm advisory endpoint (registry.npmjs.org) due to DNS/network restriction.
  • Additional note: npm also reported inability to write logs to /Users/david/.npm/_logs (outside repo scope).

Manual Notes

Without advisory data, no CVE claims are made here. A full run should be completed in an environment with registry access.

Attestation

# Identity
agent_id: audit-dependencies
agent_version: "1.0"
protocol_version: "2.0"


# Timing
timestamp: 2026-01-31T13:15:03Z
duration_seconds: 120


# Context
git_ref: e4bb0098264f90d3afc7b5d0f3b5e425d1825761
git_branch: main
working_directory: /Users/david/Documents/GitHub/superdash


# Artefact metadata
artefact: CVE_REPORT.md
phase: 1
status: PARTIAL


# Confidence assessment
confidence: LOW
confidence_notes: "Unable to fetch advisory database due to network restrictions."


# Inputs consumed (with integrity hashes)
inputs_consumed:
  - path: package-lock.json
    hash: sha256:eed91e3fb91278c5dbc3c76dc9a5d370400c5fc5ce904cdfd96ae74ee5c251fe


# Commands executed
commands_executed:
  - seq: 1
    cmd: "npm audit --json"
    exit_code: 1
    purpose: "Fetch vulnerability advisories"
    output_summary: "ENOTFOUND registry.npmjs.org; audit failed"


# Findings summary
findings:
  critical: 0
  high: 0
  medium: 0
  low: 0
  info: 1


# Blocking issues
blocking_issues:
  - "npm audit failed due to network/DNS restrictions; CVE data unavailable"


# Handoff
handoff:
  ready: false
  next_agents: []
  dependencies_satisfied:
    CVE_REPORT.md: PARTIAL
  context_for_next: |
    Re-run npm audit in an environment with registry access to complete CVE assessment.