CopilotKit Case Study
Verified baseline scan — CVE Lite CLI v1.22.0 · 2026-06-14 (remediation measured v1.23.0 · 2026-06-21)
Summary
- Project: CopilotKit — agentic frontend stack (React, Angular, Vue, mobile, Slack) and makers of the AG-UI Protocol
- Revision:
9111a1f2ace20b787e403451182b733ecd761fcb - Lockfile:
pnpm-lock.yaml(4,367 resolved packages, pnpm + Nx monorepo) - Baseline findings: 48 unique vulnerable packages (2 critical · 18 high · 26 medium · 2 low)
- OSV advisory matches: 84 CVE/advisory entries deduplicated into 48 packages
- Direct vs transitive: 2 direct / 46 transitive
- Validated fix command groups generated: 4
- First-pass coverage: 7 of 48 findings have confident copy-and-run commands
- pnpm audit (same lockfile): 117 vulnerability entries (7 critical · 43 high · 54 moderate · 13 low)
- Remediation applied in this study: four root-level command groups applied cumulatively on a test checkout of CopilotKit@9111a1f (2026-06-21), rescanned through the committed lockfile fixture after each pass
What this case study demonstrates
CopilotKit is a large pnpm + Nx monorepo spanning SDK packages, framework bindings (React, Angular, Vue, React Native), Storybook examples, and showcase apps — 4,367 resolved packages in one lockfile. It extends CVE Lite's AI agent / generative UI coverage alongside Mastra, OpenAI Agents JS, and the Vercel AI SDK.
The direct/transitive split at this revision is 2 direct / 46 transitive — most risk sits in framework stacks, observability, and build tooling rather than a handful of root manifest entries:
[email protected] — critical, direct · dev. CVE Lite generates a breaking major upgrade to [email protected] with pnpm add --filter … across 20 workspace packages (demo apps, core packages, showcase harness).
[email protected] — high, direct. Filtered upgrade to [email protected] across Angular, React, and Vue Storybook example workspaces.
[email protected] — critical, transitive. No auto-generated fix command — requires parent-chain analysis.
High transitive clusters: three esbuild versions (dev), two next versions, @angular/core, [email protected], [email protected] (GraphQL codegen chain), and [email protected] with no known fix.
CVE Lite also emits within-range lockfile refresh groups for axios, picomatch, tmp, brace-expansion, and follow-redirects via pnpm update --recursive --no-save ….
Comparison Note: CVE Lite CLI vs pnpm audit
Both tools were run against the same pnpm-lock.yaml on the same machine on 2026-06-14.
| Metric | pnpm audit | CVE Lite CLI v1.22.0 |
|---|---|---|
| Packages parsed / audited | 4,367 | 4,367 |
| Total reported findings | 117 | 48 |
| Critical | 7 | 2 |
| High | 43 | 18 |
| Moderate / Medium | 54 | 26 |
| Low | 13 | 2 |
| Direct vs transitive breakdown | ✗ | ✓ (2 / 46) |
| Deduplicated package view | ✗ | ✓ |
| Validated fix targets | partial | ✓ |
| Copy-and-run command groups | ✗ | ✓ (4 groups) |
| Skipped findings with reason | ✗ | ✓ (41 entries) |
Why the totals differ: pnpm audit counts 117 vulnerability entries (advisory × path rows). CVE Lite counts 48 unique vulnerable package versions once each. Multiple esbuild, next, uuid, and ws majors each appear as separate unique packages in CVE Lite; pnpm audit emits multiple rows per advisory path.
Critical severity: pnpm audit reports 7 critical entries; CVE Lite reports 2 critical unique packages (vitest, shell-quote). Both flag the same underlying critical packages — CVE Lite deduplicates path-expanded rows.
Fix guidance: CVE Lite generates 4 command groups covering 7 findings on first pass, including multi-workspace pnpm add --filter … for vitest and storybook — the pattern CopilotKit maintainers need for Nx/pnpm monorepos.
Before vs After
Remediation results from applying the scanner's four command groups one at a time on a full checkout of CopilotKit@9111a1f, rescanned through the committed examples/copilotkit lockfile fixture after each pass (CVE Lite v1.23.0 · 2026-06-21). The 2026-06-14 baseline recorded 48 findings; OSV advisory updates produce a 64-finding starting count on this remeasurement date.
| Stage | Findings | Critical | High | Medium | Low | Direct | Transitive | Command groups |
|---|---|---|---|---|---|---|---|---|
| Baseline (verified) | 64 | 2 | 31 | 25 | 6 | 2 | 62 | 4 |
After critical direct fix ([email protected]) | 63 | 1 | 31 | 25 | 6 | 1 | 62 | 3 |
After high direct fix ([email protected]) | 62 | 1 | 30 | 25 | 6 | 0 | 62 | 2 |
| After high within-range refreshes | 59 | 1 | 27 | 25 | 6 | 0 | 59 | 2 |
| After medium within-range refreshes | 57 | 1 | 27 | 23 | 6 | 0 | 57 | 1 |
The finding count dropped from 64 to 57 across four command groups. Both direct levers cleared by pass 2 (vitest critical, storybook high). Critical count dropped from 2 to 1 — the remaining critical is transitive [email protected] with no auto-generated fix command. High-severity findings dropped from 31 to 27. Command groups dropped from 4 to 1.
Fix Journey
The instinct on 2 critical findings is a root pnpm add. CVE Lite shows why that fails for shell-quote (transitive) while vitest needs a filtered major bump across 20 workspaces marked breaking.
Pass 1 — critical direct fix:
pnpm add --filter ./examples/v2/react/demo --filter ./packages/a2ui-renderer --filter ./packages/agentcore-runner --filter ./packages/angular --filter ./packages/core --filter ./packages/demo-agents --filter ./packages/react-core --filter ./packages/react-native --filter ./packages/react-textarea --filter ./packages/react-ui --filter ./packages/runtime --filter ./packages/runtime-client-gql --filter ./packages/sdk-js --filter ./packages/shared --filter ./packages/sqlite-runner --filter ./packages/voice --filter ./packages/vue --filter ./packages/web-inspector --filter ./showcase/harness --filter ./showcase/scripts [email protected]
Clears the critical direct [email protected] row. Findings 64 → 63; critical 2 → 1; direct 2 → 1.
Pass 2 — high direct fix:
pnpm add --filter ./examples/v2/angular/storybook --filter ./examples/v2/react/storybook --filter ./examples/v2/vue/storybook [email protected]
Clears the high direct [email protected] row. Findings 63 → 62; high 31 → 30; direct 1 → 0.
Pass 3 — high within-range refreshes:
pnpm update --recursive --no-save axios && pnpm update --recursive --no-save picomatch && pnpm update --no-save tmp && pnpm update --recursive --no-save undici
Findings 62 → 59; high 30 → 27.
Pass 4 — medium within-range refreshes:
pnpm update --recursive --no-save brace-expansion && pnpm update --recursive --no-save follow-redirects
Findings 59 → 57; medium 25 → 23. Command groups 2 → 1.
After four passes, 57 findings remain — mostly transitive framework and toolchain rows with ⊘ skipped parent upgrades (next, @angular/core, react-router, three esbuild versions) plus critical [email protected] with no auto-generated fix command.
Why this matters
CopilotKit sits at the intersection of agentic UI frameworks and large pnpm monorepos — Clerk-scale complexity with AI SDK providers, Storybook matrices, and Nx task graphs in one lockfile.
CVE Lite's value is deduplication and actionable grouping at 4,367-package scale: 48 unique findings, 2 direct levers, 4 command groups, and 41 skipped findings with reasons — versus 117 pnpm audit rows without remediation structure.
Scan command
Run from the CopilotKit repository root or from the examples/copilotkit directory in this repository:
cve-lite . --verbose --all
The example lockfile reflects CopilotKit at revision 9111a1f2ace20b787e403451182b733ecd761fcb. OSV advisory data changes over time — re-scanning may show different counts on the same revision.
Every number in the baseline table comes from a live scan of the committed fixture at examples/copilotkit/ in the CVE Lite CLI repository. Remediation pass counts were measured on 2026-06-21.
| Field | Value |
|---|---|
| Baseline scan date | 2026-06-14 |
| Remediation measurement date | 2026-06-21 |
| CLI version (baseline) | v1.22.0 |
| CLI version (remediation passes) | v1.23.0 |
| CVE Lite command | node dist/index.js examples/copilotkit --verbose --all --json |
| pnpm audit command | pnpm audit (pnpm from lockfile, Node.js 24) |
| Advisory source | OSV (https://api.osv.dev) — online mode |
| Lockfile source | examples/copilotkit/pnpm-lock.yaml from CopilotKit/CopilotKit@9111a1f |
| Packages parsed (CVE Lite) | 4,367 |
| Unique vulnerable packages (CVE Lite, 2026-06-14) | 48 |
| Vulnerability entries (pnpm audit) | 117 |
| Fix command groups (CVE Lite) | 4 |
| First-pass covered findings (CVE Lite) | 7 |
| Skipped findings with reason (CVE Lite) | 41 |
Reproduce CVE Lite locally from the repository root:
npm install
npm run build
node dist/index.js examples/copilotkit --verbose --all
Reproduce pnpm audit from the example directory:
cd examples/copilotkit
pnpm audit
Both tools were run against the same pnpm-lock.yaml on the same machine on 2026-06-14.
Remaining risk after remediation passes
57 findings remain open after the measured four-pass workflow (down from 64 at the 2026-06-21 remeasurement baseline). The 2026-06-14 baseline table below still lists 48 packages.
- 1 critical:
[email protected](transitive) — no auto-generated fix command - 27 high: including two
nextversions,@angular/[email protected],[email protected],[email protected],[email protected](no fix), fourwsversions, and other framework/toolchain transitive rows - 23 medium: including six
uuidversions, threepostcssversions,[email protected],[email protected], and other skipped parent-upgrade targets - 6 low: including
@ai-sdk/[email protected],[email protected](no fix)
Both direct levers (vitest, storybook) cleared by pass 2. The remaining work is almost entirely transitive — parent upgrades, framework releases, or manual chain analysis. One command group remains for the next confident pass.
Baseline findings
Full vulnerable package list from the verified scan on 2026-06-14 (revision 9111a1f):
| Package | Version | Severity | Relationship | Fix hint | Advisory IDs |
|---|---|---|---|---|---|
| shell-quote | 1.8.3 | critical | transitive | 1.8.4 ⊘ | CVE-2026-9277, GHSA-w7jw-789q-3m8p |
| vitest | 3.2.4 | critical | direct · dev | 4.1.0 | CVE-2026-47429, GHSA-5xrq-8626-4rwp |
| @angular/compiler | 19.2.18 | high | transitive · dev | 19.2.20 ⊘ | CVE-2026-32635, GHSA-g93w-mfhg-p222 |
| @angular/core | 19.2.18 | high | transitive | 19.2.20 ⊘ | CVE-2026-32635, CVE-2026-27970, GHSA-g93w-mfhg-p222, GHSA-prjf-86w9-mfqv |
| @babel/plugin-transform-modules-systemjs | 7.28.5 | high | transitive | 7.29.4 ⊘ | CVE-2026-44728, GHSA-fv7c-fp4j-7gwp |
| axios | 1.15.2 | high | transitive | 1.16.0 | CVE-2026-44494, CVE-2026-44489, CVE-2026-44488, CVE-2026-44490 |
| esbuild | 0.25.12 | high | transitive · dev | 0.28.1 ⊘ | GHSA-gv7w-rqvm-qjhr |
| esbuild | 0.25.4 | high | transitive · dev | 0.28.1 ⊘ | GHSA-gv7w-rqvm-qjhr |
| esbuild | 0.27.3 | high | transitive · dev | 0.28.1 ⊘ | GHSA-g7r4-m6w7-qqqr, GHSA-gv7w-rqvm-qjhr |
| fast-uri | 3.1.0 | high | transitive | 3.1.2 ⊘ | CVE-2026-6321, CVE-2026-6322, GHSA-q3j6-qgpj-74h6, GHSA-v39h-62p7-jpjc |
| fast-xml-builder | 1.1.4 | high | transitive | 1.1.7 ⊘ | CVE-2026-44665, GHSA-5wm8-gmm8-39j9 |
| immutable | 5.1.4 | high | transitive · dev | 5.1.5 ⊘ | CVE-2026-29063, GHSA-wf6x-7x77-mvgw |
| langsmith | 0.5.25 | high | transitive | 0.6.0 ⊘ | CVE-2026-45134, GHSA-3644-q5cj-c5c7 |
| next | 16.1.3 | high | transitive | 16.2.6 ⊘ | CVE-2026-44575, CVE-2026-45109, CVE-2026-44573, CVE-2026-44572 |
| next | 16.2.3 | high | transitive | 16.2.6 ⊘ | CVE-2026-44575, CVE-2026-45109, CVE-2026-44573, CVE-2026-44572 |
| parse-git-config | 2.0.3 | high | transitive · dev | ⚠ no fix | CVE-2025-25975, GHSA-8g77-54rh-46hx |
| picomatch | 2.3.1 | high | transitive · dev | 2.3.2 | CVE-2026-33672, CVE-2026-33671, GHSA-3v7f-55p6-f55p, GHSA-c2c7-rcm5-vvqj |
| react-router | 7.13.2 | high | transitive | 7.15.0 ⊘ | CVE-2026-40181, CVE-2026-42211, CVE-2026-42342, CVE-2026-34077 |
| storybook | 10.1.11 | high | direct | 10.2.10 | CVE-2026-27148, GHSA-mjf5-7g4m-gx5w |
| tmp | 0.2.5 | high | transitive · dev | 0.2.6 | CVE-2026-44705, GHSA-ph9p-34f9-6g65 |
| ajv | 6.12.6 | medium | transitive · dev | 6.14.0 ⊘ | CVE-2025-69873, GHSA-2g4f-4pwh-qvx6 |
| brace-expansion | 5.0.5 | medium | transitive · dev | 5.0.6 | CVE-2026-45149, GHSA-jxxr-4gwj-5jf2 |
| fast-xml-parser | 5.5.8 | medium | transitive | 5.7.0 ⊘ | CVE-2026-41650, GHSA-gh4j-gqv2-49f6 |
| follow-redirects | 1.15.11 | medium | transitive | 1.16.0 | GHSA-r4q5-vmmm-2653 |
| hono | 4.12.15 | medium | transitive | 4.12.21 ⊘ | CVE-2026-47676, CVE-2026-47675, CVE-2026-44455, CVE-2026-44456 |
| ip-address | 10.1.0 | medium | transitive | 10.1.1 ⊘ | CVE-2026-42338, GHSA-v2v4-37r5-5v8g |
| joi | 17.13.3 | medium | transitive | 17.13.4 ⊘ | CVE-2026-48038, GHSA-q7cg-457f-vx79 |
| mermaid | 11.12.2 | medium | transitive | 11.15.0 ⊘ | CVE-2026-41150, CVE-2026-41159, CVE-2026-41149, CVE-2026-41148 |
| nuxt | 3.17.5 | medium | transitive | 3.21.6 ⊘ | CVE-2026-45669, CVE-2026-46342, CVE-2026-47200, CVE-2025-59414 |
| postcss | 8.4.31 | medium | transitive | 8.5.10 ⊘ | CVE-2026-41305, GHSA-qx2v-qp2m-jg93 |
| postcss | 8.5.2 | medium | transitive · dev | 8.5.10 ⊘ | CVE-2026-41305, GHSA-qx2v-qp2m-jg93 |
| postcss | 8.5.6 | medium | transitive | 8.5.10 ⊘ | CVE-2026-41305, GHSA-qx2v-qp2m-jg93 |
| qs | 6.15.1 | medium | transitive | 6.15.2 ⊘ | CVE-2026-8723, GHSA-q8mj-m7cp-5q26 |
| turbo | 2.7.3 | medium | transitive · dev | 2.9.14 ⊘ | CVE-2026-45772, CVE-2026-45773, GHSA-3qcw-2rhx-2726, GHSA-hcf7-66rw-9f5r |
| uuid | 10.0.0 | medium | transitive | 11.1.1 ⊘ | CVE-2026-41907, GHSA-w5hq-g745-h8pq |
| uuid | 11.1.0 | medium | transitive | 11.1.1 ⊘ | CVE-2026-41907, GHSA-w5hq-g745-h8pq |
| uuid | 13.0.0 | medium | transitive | 13.0.1 ⊘ | CVE-2026-41907, GHSA-w5hq-g745-h8pq |
| uuid | 7.0.3 | medium | transitive | 11.1.1 ⊘ | CVE-2026-41907, GHSA-w5hq-g745-h8pq |
| uuid | 8.3.2 | medium | transitive | 11.1.1 ⊘ | CVE-2026-41907, GHSA-w5hq-g745-h8pq |
| uuid | 9.0.1 | medium | transitive | 11.1.1 ⊘ | CVE-2026-41907, GHSA-w5hq-g745-h8pq |
| webpack-dev-server | 5.2.2 | medium | transitive | 5.2.4 ⊘ | CVE-2026-6402, GHSA-79cf-xcqc-c78w |
| ws | 8.17.1 | medium | transitive · dev | 8.20.1 ⊘ | CVE-2026-45736, GHSA-58qx-3vcg-4xpx |
| ws | 8.18.0 | medium | transitive · dev | 8.20.1 ⊘ | CVE-2026-45736, GHSA-58qx-3vcg-4xpx |
| ws | 8.18.3 | medium | transitive · dev | 8.20.1 ⊘ | CVE-2026-45736, GHSA-58qx-3vcg-4xpx |
| ws | 8.19.0 | medium | transitive | 8.20.1 ⊘ | CVE-2026-45736, GHSA-58qx-3vcg-4xpx |
| yaml | 1.10.2 | medium | transitive | 1.10.3 ⊘ | CVE-2026-33532, GHSA-48c2-rrv3-qjmp |
| @ai-sdk/provider-utils | 3.0.22 | low | transitive | 4.0.0 ⊘ | CVE-2026-8769, GHSA-866g-f22w-33x8 |
| elliptic | 6.6.1 | low | transitive | ⚠ no fix | CVE-2025-14505, GHSA-848j-6mx2-7j84 |
Want your project reviewed?
If you maintain an interesting JavaScript or TypeScript project and want CVE Lite CLI considered for a public case study, open an issue in the CVE Lite CLI repository.
Please include:
- the repository link
- why the project would make a useful case study
- whether the dependency graph is publicly reproducible
Not every project will be selected. Preference will go to projects that are publicly useful, technically interesting, and strong examples of realistic dependency remediation workflows.