Skip to content
This repository was archived by the owner on Jun 5, 2025. It is now read-only.

Cline integration: false positives for irrelevant package ecosystems #1343

Open
danbarr opened this issue Apr 7, 2025 · 0 comments
Open

Cline integration: false positives for irrelevant package ecosystems #1343

danbarr opened this issue Apr 7, 2025 · 0 comments
Labels
bug

Comments

@danbarr
Copy link
Contributor

danbarr commented Apr 7, 2025

Describe the issue

When using Cline as my client, CodeGate is warning me about deprecated packages that are not relevant for a few reasons:

  1. For package ecosystems different than the language I'm working in (ex: working in a .go file, but getting warnings about rust/npm packages)
  2. For packages that aren't actually package inclusions in a file, just keywords that happen to match a very generic package name (ex: file happens to have "vscode" in a variable name or string value, getting a warning about npm/vscode, same for the word "runtime" warning about rust/runtime)

The same doesn't happen with Copilot or Continue.

Steps to Reproduce

An example Go file that CodeGate warns on via Cline is below. The CodeGate warning is:

Warning: CodeGate detected one or more malicious, deprecated or archived packages.

Pkg 1: https://www.insight.stacklok.com/report/crates/runtime
Pkg 2: https://www.insight.stacklok.com/report/npm/vscode
** critical vulnerability found, you must take action **

package main

import (
	"fmt"
	"os"
	"path/filepath"
	"runtime"
)

func main() {
	// Get the current operating system
	currentOS := runtime.GOOS

	// Define a path to VSCode configuration based on OS
	var vscodeConfigPath string

	switch currentOS {
	case "windows":
		vscodeConfigPath = filepath.Join(os.Getenv("APPDATA"), "Code", "User", "settings.json")
	case "darwin":
		vscodeConfigPath = filepath.Join(os.Getenv("HOME"), "Library", "Application Support", "Code", "User", "settings.json")
	case "linux":
		vscodeConfigPath = filepath.Join(os.Getenv("HOME"), ".config", "Code", "User", "settings.json")
	default:
		fmt.Println("Unsupported operating system for VSCode configuration")
		os.Exit(1)
	}

	fmt.Printf("VSCode configuration path for %s: %s\n", currentOS, vscodeConfigPath)
}

Operating System

MacOS (Arm)

IDE and Version

VS Code 1.99.0

Extension and Version

Cline 3.9.2

Provider

Other

Model

Any

Codegate version

v0.1.31

Logs

No response

Additional Context

No response
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@danbarr @lukehinds