Run Claude Code, Gemini, Codex — or any coding agent — in a clean, isolated sandbox with sensitive data redaction and observability baked in.
# Add to your Claude Code skills
git clone https://github.com/superagent-ai/vibekit
Last scanned: 4/26/2026
{
"issues": [
{
"type": "npm-audit",
"message": "@aws-sdk/client-s3: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@aws-sdk/client-sso: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@aws-sdk/core: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@aws-sdk/credential-provider-env: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@aws-sdk/credential-provider-http: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@aws-sdk/credential-provider-ini: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@aws-sdk/credential-provider-node: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@aws-sdk/credential-provider-process: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@aws-sdk/credential-provider-sso: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@aws-sdk/credential-provider-web-identity: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@aws-sdk/middleware-flexible-checksums: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@aws-sdk/middleware-sdk-s3: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@aws-sdk/middleware-user-agent: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@aws-sdk/nested-clients: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@aws-sdk/signature-v4-multi-region: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@aws-sdk/token-providers: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@aws-sdk/util-user-agent-node: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@aws-sdk/xml-builder: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@blaxel/core: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@dagger.io/dagger: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@daytonaio/sdk: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@google-cloud/dlp: Vulnerability found",
"severity": "critical"
},
{
"type": "npm-audit",
"message": "@modelcontextprotocol/sdk: Anthropic's MCP TypeScript SDK has a ReDoS vulnerability",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@opentelemetry/exporter-jaeger: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@smithy/config-resolver: AWS SDK for JavaScript v3 adopted defense in depth enhancement for region parameter value",
"severity": "low"
},
{
"type": "npm-audit",
"message": "ajv: ajv has ReDoS when using `$data` option",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "axios: Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig",
"severity": "high"
},
{
"type": "npm-audit",
"message": "body-parser: body-parser is vulnerable to denial of service when url encoding is used",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "brace-expansion: brace-expansion: Zero-step sequence causes process hang and memory exhaustion",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "defu: defu: Prototype pollution via `__proto__` key in defaults argument",
"severity": "high"
},
{
"type": "npm-audit",
"message": "fast-xml-parser: fast-xml-parser has RangeError DoS Numeric Entities Bug",
"severity": "critical"
},
{
"type": "npm-audit",
"message": "flatted: flatted vulnerable to unbounded recursion DoS in parse() revive phase",
"severity": "high"
},
{
"type": "npm-audit",
"message": "follow-redirects: follow-redirects leaks Custom Authentication Headers to Cross-Domain Redirect Targets",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "glob: glob CLI: Command injection via -c/--cmd executes matches with shell:true",
"severity": "high"
},
{
"type": "npm-audit",
"message": "google-gax: Vulnerability found",
"severity": "critical"
},
{
"type": "npm-audit",
"message": "jaeger-client: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "js-yaml: js-yaml has prototype pollution in merge (<<)",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "jws: auth0/node-jws Improperly Verifies HMAC Signature",
"severity": "high"
},
{
"type": "npm-audit",
"message": "lodash: Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions",
"severity": "high"
},
{
"type": "npm-audit",
"message": "lodash-es: Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions",
"severity": "high"
},
{
"type": "npm-audit",
"message": "markdown-it: markdown-it is has a Regular Expression Denial of Service (ReDoS)",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "miniflare: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "minimatch: minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"severity": "high"
},
{
"type": "npm-audit",
"message": "modal: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "next: Next.js is vulnerable to RCE in React flight protocol",
"severity": "critical"
},
{
"type": "npm-audit",
"message": "node-forge: node-forge has ASN.1 Unbounded Recursion",
"severity": "high"
},
{
"type": "npm-audit",
"message": "path-to-regexp: path-to-regexp vulnerable to Denial of Service via sequential optional groups",
"severity": "high"
},
{
"type": "npm-audit",
"message": "picomatch: Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching",
"severity": "high"
},
{
"type": "npm-audit",
"message": "postcss: PostCSS has XSS via Unescaped </style> in its CSS Stringify Output",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "protobufjs: protobufjs Prototype Pollution vulnerability",
"severity": "critical"
},
{
"type": "npm-audit",
"message": "qs: qs's arrayLimit bypass in comma parsing allows denial of service",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "redact-pii: Vulnerability found",
"severity": "critical"
},
{
"type": "npm-audit",
"message": "rollup: Rollup 4 has Arbitrary File Write via Path Traversal",
"severity": "high"
},
{
"type": "npm-audit",
"message": "smol-toml: smol-toml: Denial of Service via TOML documents containing thousands of consecutive commented lines",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "tar: node-tar Vulnerable to Arbitrary File Creation/Overwrite via Hardlink Path Traversal",
"severity": "high"
},
{
"type": "npm-audit",
"message": "underscore: Underscore has unlimited recursion in _.flatten and _.isEqual, potential for DoS attack",
"severity": "high"
},
{
"type": "npm-audit",
"message": "undici: Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion",
"severity": "high"
},
{
"type": "npm-audit",
"message": "uuid: uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "vibekit-proxy: Vulnerability found",
"severity": "critical"
},
{
"type": "npm-audit",
"message": "vite: Vite Vulnerable to Path Traversal in Optimized Deps `.map` Handling",
"severity": "high"
},
{
"type": "npm-audit",
"message": "wrangler: Wrangler affected by OS Command Injection in `wrangler pages deploy`",
"severity": "high"
},
{
"type": "npm-audit",
"message": "yaml: yaml is vulnerable to Stack Overflow via deeply nested YAML collections",
"severity": "medium"
}
],
"status": "FAILED",
"scannedAt": "2026-04-26T06:07:52.810Z",
"semgrepRan": false,
"npmAuditRan": true,
"pipAuditRan": true
}
Install the VibeKit CLI globally:
npm install -g vibekit
Run Claude Code with enhanced security and tracking:
vibekit claude
🐳 Local sandbox - Runs agent output in isolated Docker containers — zero risk to your local setup
🔒 Built-in redaction - Auto-removes secrets, API keys, and other sensitive data from completions
📊 Observability - Complete visibility into agent operations with real-time logs, traces, and metrics
🌐 Universal agent support - Works with Claude Code, Gemini CLI, Grok CLI, Codex CLI, OpenCode, and more
💻 Works offline & locally - No cloud dependencies or internet required — works entirely on your machine
Looking to integrate VibeKit into your application? Check out these packages:
Run coding agents in secure sandboxes with full control and monitoring.
npm install @vibe-kit/sdk
Perfect for building applications that need to execute AI-generated code safely.
Use your MAX subscriptions in AI Apps.
npm install @vibe-kit/auth
Handle authentication flows for your VibeKit-powered applications.
Contributions welcome! Open an issue, start a discussion, or submit a pull request.
MIT — see LICENSE for details.
© 2025 Superagent Technologies Inc.