Home
Tech News
Dev Tools
Free APIs
AI Models
Projects

Main

Home Tech News Dev Tools Free APIs AI Models Projects

Explore More

Articles Videos Jobs Podcasts Reddit Stack Overflow Events Dashboard Collections Roadmaps Compare Tech Challenges AI Tools Salary Polls Code Explainer Resume AI My Profile

Tools & Fun

Portfolio Gen Interview Coach JSON Formatter Open Source Tech Glossary Dev Memes

TechForDev

Your daily source for tech news, AI tools, developer articles, and trending projects. Auto-updated, always fresh.

Explore

Tech News
AI Tools
Free APIs
AI Models
Articles
Projects

More

Videos
Remote Jobs
Reddit
Events
Roadmaps
Challenges
Salary Data
Dev Polls
Compare Tech
My Profile

Other

Extensions
Mobile App
Premium
Community
Integrations
Settings

Connect

/ searchAlt+D themen newsr roadmapsc challenges? help

📧 Newsletter

Get weekly tech updates in your inbox

© 2026 TechForDev. All rights reserved.

Privacy Policy Terms of Service Cookie Policy

👋 Need help with code?

AGENTSCORE-2026-0006: `vexp-cli` risk change detected | TechForDev

Back to Articles

AGENTSCORE-2026-0006: `vexp-cli` risk change detected

vexp-cli updated from 2.0.11 to 2.0.12. Score changed 85/100 to 65/100 (-20). Risk: LOW to ELEVATED....

AGENTSCORE-2026-0006: `vexp-cli` risk change detected

vexp-cli updated from 2.0.11 to 2.0.12. Score changed 85/100 to 65/100 (-20). Risk: LOW to ELEVATED. 3 findings.

Package

Name: vexp-cli
Version: 2.0.11 to 2.0.12
Score: 85/100 to 65/100
Risk: LOW to ELEVATED

Findings

[MEDIUM] no_repository: Package has no repository link — source code is not verifiable
[HIGH] command_injection: Potential command injection: shell execution with template literal input
[LOW] no_provenance: Package is not published with provenance attestations or trusted publishing. Published by: vexp

Full advisory: AGENTSCORE-2026-0006

Verdict API: curl https://agentscores.xyz/api/verdict?npm=vexp-cli

Auto-published by AgentScore MCP security monitoring.

Tags

#security #mcp #npm #supplychain

Share:

Read the original article and join the discussion on Dev.to

Author

Michael Kayode Onyekwere

@michael_onyekwere

Stats

Reactions0

Comments0

Read Time1 min

Published

You Might Also Like

Architecture Documentation as a First-Class Engineering Asset

Alexander Tyutin4d ago • 7 min read

Architecture Documentation as a First-Class Engineering Asset

How autonomous AI agents can generate a complete architecture snapshot of your microservices platfor...

#architecture#security#ai#agents

44 22

April 18, 2026

Partial Password Authentication

Muhammad Hassan6d ago • 6 min read

Partial Password Authentication

Recently, I switched to another bank, and after setting up the online banking credentials and trying...

#security#backend

39 0

VoxMind: A Secure, Local-First Voice AI Agent on the Edge

Devansh Kalwani6d ago • 3 min read

VoxMind: A Secure, Local-First Voice AI Agent on the Edge

Building VoxMind: A Secure, Local-First Voice AI Agent on the Edge In the era of...

#agents#ai#security#showdev

3 1

The Vercel Breach: What Actually Happened, Why It Matters, and What Every Developer Should Do Right Now

freerave1d ago • 7 min read

The Vercel Breach: What Actually Happened, Why It Matters, and What Every Developer Should Do Right Now

A deep technical breakdown of the April 2026 Vercel security incident — supply chain risks,...

#security#vercel#devops#cybersecurity

3 2

TOTP From First Principles: Building an RFC 4226 / 6238 CLI in Rust

SEN LLC5d ago • 9 min read

TOTP From First Principles: Building an RFC 4226 / 6238 CLI in Rust

A small Rust CLI that generates TOTP / HOTP codes, parses otpauth:// URIs, and verifies...

#rust#cli#security#tutorial

1 0

CVEs are vulnerabilities(!!!) and part 2 of my Notion automation

Amara Graham6d ago • 3 min read

CVEs are vulnerabilities(!!!) and part 2 of my Notion automation

I made you a video and a blog featuring vulnerability tracking, Notion, Gemini, and Kestra.

#orchestration#automation#security

4 3