@redocly/cli

npm

Is @redocly/cli safe to use?

The latest brin safety scan flagged @redocly/cli v2.18.2 with risk indicators that warrant review. The scan found no known CVE vulnerabilities and 1 detected threat pattern, consistent with weak crypto. Trust score: 85/100. Review the findings below before use. This is an automated assessment and may contain errors.

@redocly/cli Has Confirmed Threats

Confirmed threat patterns detected in this package

critical
  • CVEs: 0
  • Threats: 1
  • Install Scripts: 0

Risk Indicators

  • Detected patterns consistent with WeakCrypto (90% confidence)

@redocly/cli Confirmed Threats (1)

Weak Cryptography
confidence: 90% (confirmed)

Location: lib/auth/oauth-client.js:42

this.iv = crypto.createHash('md5').update(this.credentialsFolderPath).digest();

brin Recommendations

  • This package is assessed as high-risk. Manual review is strongly recommended before use.
  • 1 verified threat pattern detected. Review the specific findings and consider alternatives.

This is an automated, point-in-time assessment and may contain errors. Findings are risk indicators, not confirmed threats. Security posture may change over time. Maintainers can dispute findings via the brin review process.

@redocly/cli Capabilities & Permissions

What @redocly/cli can access when installed. Review these capabilities before using with AI agents like Cursor, Claude Code, or Codex.

Network Access

This package makes network requests.

Hosts: app.cloud.eu.redocly.com, app.cloud.redocly.com, cdn.redocly.com, github.com, otel.cloud.redocly.com, redocly.com, registry.npmjs.org, www.thespanner.co.uk
Protocols: http, https

Filesystem Access

Reads and writes to the filesystem.

package.json (r), package.json (r), .env (r), .env (rw), .env (rw), .env (rw), .env (rw), .env (rw), +11 more

Process Spawning

This package can spawn child processes.

npm

Environment Variables

Accesses the following environment variables.

CI, HTTPS_PROXY, HTTP_PROXY, LAMBDA_TASK_ROOT, NODE_ENV, OTEL_TRACES_URL, REDOCLY_AUTHORIZATION, REDOCLY_CLI_TELEMETRY_METADATA, REDOCLY_DOMAIN, REDOCLY_ENVIRONMENT, +2 more

AGENTS.md for @redocly/cli

Good instructions lead to good results. brin adds @redocly/cli documentation to your AGENTS.md so your agent knows how to use it properly—improving both safety and performance.

brin init

Vercel's research: 100% accuracy with AGENTS.md vs 53% without →

@redocly/cli Documentation & Source Code

For the full @redocly/cli README, API documentation, and source code, visit the official package registry.

  • Weekly Downloads: 1.0M
  • Version: 2.18.2
  • License: MIT

  • Last Scanned: 4 days ago
  • Trust Score: 85/100 (legitimacy signals, not safety)

Confirmed Threats (1)

weak crypto (confirmed)

Location: lib/auth/oauth-client.js:42

Confidence: 90%

this.iv = crypto.createHash('md5').update(this.credentialsFolderPath).digest();

Confirmed threats have been validated by human review and represent real risks.

Capabilities

Network

Connects to: app.cloud.eu.redocly.com, app.cloud.redocly.com, cdn.redocly.com...

Filesystem

Reads & Writes files

Process

Spawns child processes

Environment

Accesses: CI, HTTPS_PROXY, HTTP_PROXY...