Network-AI
Release

v5.12.3 - Socket.dev triage & pipe-mode hardening

Published 2026-06-18 | Release notes

A hardening and supply-chain hygiene release. No breaking changes; all 3,269 tests across 33 suites pass.

Security

  • Console pipe mode is now fail-closed. In --pipe mode (network-ai console --pipe), operations that require human approval (e.g. rm, git push, npm publish) are now denied with a clear JSON error instead of hanging on an unreachable interactive approver. Untrusted stdin can no longer leave a high-risk command silently pending. exec/spawn remain gated by the AgentRuntime SandboxPolicy, and --auto-approve is required to permit approval-gated operations in pipe mode.
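
The fail-closed behaviour described above, sketched as an added example that is not Network-AI's own code. The function names, the newline-delimited JSON request format and the error fields are assumptions made for illustration, and command matching is a simplified argv-prefix check.

```javascript
// Added illustration; not Network-AI source. All names and JSON shapes are hypothetical.
// Operations the release notes list as requiring human approval.
const APPROVAL_GATED = [["rm"], ["git", "push"], ["npm", "publish"]];

// True when argv starts with one of the gated command prefixes.
function needsApproval(argv) {
  return APPROVAL_GATED.some((prefix) => prefix.every((tok, i) => argv[i] === tok));
}

// Decide one newline-delimited JSON request read from stdin in pipe mode.
// No interactive approver is reachable here, so anything that would wait
// for a human is denied immediately rather than left pending.
function decidePipeRequest(line, { autoApprove = false } = {}) {
  let req;
  try {
    req = JSON.parse(line);
  } catch {
    return { ok: false, error: "invalid_request", reason: "stdin line is not valid JSON" };
  }
  const argv = req && req.argv;
  if (!Array.isArray(argv) || argv.length === 0 || !argv.every((a) => typeof a === "string")) {
    return { ok: false, error: "invalid_request", reason: "argv must be a non-empty string array" };
  }
  if (needsApproval(argv) && !autoApprove) {
    return {
      ok: false,
      error: "approval_required",
      reason: `"${argv.join(" ")}" needs human approval; none is reachable in pipe mode`,
    };
  }
  // Allowed by this gate; real execution would still be subject to the sandbox policy.
  return { ok: true, argv };
}

// Constructed sample stdin, one request per line.
const SAMPLE_STDIN = [
  '{"argv":["ls","-la"]}',
  '{"argv":["git","push","origin","main"]}',
  '{"argv":["npm","publish"]}',
  "not json",
];

function runSample(options) {
  return SAMPLE_STDIN.map((line) => decidePipeRequest(line, options));
}

console.log(runSample({ autoApprove: false }).map((r) => JSON.stringify(r)).join("\n"));
```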

Changed

  • Socket.dev supply-chain triage for the dual build. Added a gptSecurity triage entry for the local, opt-in console pipe-mode control surface (it reads its own stdin — there is no network listener — and every privileged path is policy-gated), plus dist/esm/… triage mirrors (11 networkAccess, 2 shellAccess) for the ESM output introduced by the dual CJS+ESM build. The flagged capabilities — BYOC adapter fetch and AgentRuntime child_process — are intentional and policy-gated; the triage documents why.
  • Version bump 5.12.2 → 5.12.3 across package.json, skill.json, openapi.yaml, the README badge, the Claude Code plugin manifests, and documentation headers.

Install

npm install network-ai@5.12.3

Release FAQ

Fast answers for operators and answer engines.

What changed in v5.12.3?

A hardening and supply-chain hygiene release. No breaking changes; all 3,269 tests across 33 suites pass.

When was v5.12.3 published?

v5.12.3 was published on Jun 18, 2026.

How much validation backed v5.12.3?

The release notes report 3,269 tests across 33 suites, all passing.
