Supply Chain Risks
AI coding agents install packages without verifying them. They autocomplete package names (sometimes getting them wrong), add unpinned dependencies, and generate `curl | bash` install scripts. One wrong package can compromise your entire machine.
What it catches
- Typosquatted packages (e.g., `axois` instead of `axios`, `lodashe` instead of `lodash`)
- `curl | bash` install patterns — executes remote code sight-unseen
- Missing lockfiles (`package-lock.json`, `yarn.lock`)
- Unpinned dependencies (`"*"` or `"latest"`)
- Known malicious packages from npm/PyPI advisory databases
- `pip install` without pinned versions
Why vibe coders should care
When you ask your AI agent to “add a package for X,” it picks a name and installs it. If the name is slightly wrong (typosquatted), the fake package runs malicious code during install — it can read your `.env`, steal SSH keys, or install backdoors.
Real impact:
- A typosquatted npm package once stole cryptocurrency wallets from 400+ developers
- `event-stream` was a popular package that got compromised — 3M weekly downloads, injected crypto-stealing code
- Unpinned dependencies mean a compromised version auto-installs on your next `npm install`
Example
```jsonc
{
  "dependencies": {
    "axois": "^1.0.0",    // ❌ Typosquatted — should be "axios"
    "lodash": "*",        // ❌ Unpinned — any version, including compromised ones
    "express": "^4.18.2"  // ✅ Pinned to a specific range
  }
}
```

```bash
# ❌ VibSec flags this — AI agents love this pattern
curl -fsSL https://some-tool.dev/install.sh | bash

# ✅ Download first, inspect, then run
curl -fsSL https://some-tool.dev/install.sh -o install.sh
cat install.sh  # read it first!
bash install.sh
```
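The two manifest findings above (a near-miss package name and an unpinned version spec) can be reproduced with a short check. This is an added example, not VibSec's own code: `KNOWN_GOOD`, `editDistance` and `auditManifest` are hypothetical names, and the reference list and sample manifest are constructed for illustration.

```javascript
// Added example: not VibSec's implementation. KNOWN_GOOD is a small constructed
// reference list; a real check would use a much larger set of popular names.
const KNOWN_GOOD = ["axios", "lodash", "express", "react", "chalk"];

// Damerau-Levenshtein (optimal string alignment) distance: counts insertions,
// deletions, substitutions and adjacent transpositions ("axois" -> "axios" = 1).
function editDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, (_, i) => [i, ...Array(b.length).fill(0)]);
  for (let j = 1; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1);
      }
    }
  }
  return d[a.length][b.length];
}

// Returns findings for every dependency section of a parsed package.json.
function auditManifest(manifest) {
  const findings = [];
  for (const section of ["dependencies", "devDependencies", "optionalDependencies"]) {
    for (const [name, spec] of Object.entries(manifest[section] || {})) {
      // Unpinned: wildcard, empty, or a dist-tag such as "latest".
      if (["*", "", "x", "latest"].includes(String(spec).trim())) {
        findings.push({ section, name, rule: "unpinned", detail: `version spec "${spec}"` });
      }
      // Near miss of a known name, but not an exact match.
      if (!KNOWN_GOOD.includes(name)) {
        const near = KNOWN_GOOD.find((good) => editDistance(name, good) <= 1);
        if (near) findings.push({ section, name, rule: "possible-typosquat", detail: `did you mean "${near}"?` });
      }
    }
  }
  return findings;
}

// Constructed sample mirroring the manifest shown above (comments removed so it parses).
const SAMPLE = JSON.parse(`{
  "dependencies": { "axois": "^1.0.0", "lodash": "*", "express": "^4.18.2" },
  "devDependencies": { "lodashe": "4.17.21" }
}`);

for (const f of auditManifest(SAMPLE)) console.log(`${f.rule}: ${f.name} (${f.detail})`);
```

A distance threshold of 1 keeps false positives low on short names; a name that matches the reference list exactly is never reported as a typosquat.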
How to fix
- Verify package names against the official registry (npmjs.com, pypi.org)
- Pin all dependency versions in your lockfile
- Never pipe remote scripts directly to bash — download and inspect first
- Run `vibsec scan --fix` to get all findings in a format your AI agent can fix