Skip to main content

CopilotKit Case Study

Verified baseline scan — CVE Lite CLI v1.22.0 · 2026-06-14 (remediation measured v1.23.0 · 2026-06-21)

CopilotKit logo

Summary

  • Project: CopilotKit — agentic frontend stack (React, Angular, Vue, mobile, Slack) and makers of the AG-UI Protocol
  • Revision: 9111a1f2ace20b787e403451182b733ecd761fcb
  • Lockfile: pnpm-lock.yaml (4,367 resolved packages, pnpm + Nx monorepo)
  • Baseline findings: 48 unique vulnerable packages (2 critical · 18 high · 26 medium · 2 low)
  • OSV advisory matches: 84 CVE/advisory entries deduplicated into 48 packages
  • Direct vs transitive: 2 direct / 46 transitive
  • Validated fix command groups generated: 4
  • First-pass coverage: 7 of 48 findings have confident copy-and-run commands
  • pnpm audit (same lockfile): 117 vulnerability entries (7 critical · 43 high · 54 moderate · 13 low)
  • Remediation applied in this study: four root-level command groups applied cumulatively on a test checkout of CopilotKit@9111a1f (2026-06-21), rescanned through the committed lockfile fixture after each pass

What this case study demonstrates

CopilotKit is a large pnpm + Nx monorepo spanning SDK packages, framework bindings (React, Angular, Vue, React Native), Storybook examples, and showcase apps — 4,367 resolved packages in one lockfile. It extends CVE Lite's AI agent / generative UI coverage alongside Mastra, OpenAI Agents JS, and the Vercel AI SDK.

The direct/transitive split at this revision is 2 direct / 46 transitive — most risk sits in framework stacks, observability, and build tooling rather than a handful of root manifest entries:

[email protected] — critical, direct · dev. CVE Lite generates a breaking major upgrade to [email protected] with pnpm add --filter … across 20 workspace packages (demo apps, core packages, showcase harness).

[email protected] — high, direct. Filtered upgrade to [email protected] across Angular, React, and Vue Storybook example workspaces.

[email protected] — critical, transitive. No auto-generated fix command — requires parent-chain analysis.

High transitive clusters: three esbuild versions (dev), two next versions, @angular/core, [email protected], [email protected] (GraphQL codegen chain), and [email protected] with no known fix.

CVE Lite also emits within-range lockfile refresh groups for axios, picomatch, tmp, brace-expansion, and follow-redirects via pnpm update --recursive --no-save ….


Comparison Note: CVE Lite CLI vs pnpm audit

Both tools were run against the same pnpm-lock.yaml on the same machine on 2026-06-14.

Metricpnpm auditCVE Lite CLI v1.22.0
Packages parsed / audited4,3674,367
Total reported findings11748
Critical72
High4318
Moderate / Medium5426
Low132
Direct vs transitive breakdown✓ (2 / 46)
Deduplicated package view
Validated fix targetspartial
Copy-and-run command groups✓ (4 groups)
Skipped findings with reason✓ (41 entries)

Why the totals differ: pnpm audit counts 117 vulnerability entries (advisory × path rows). CVE Lite counts 48 unique vulnerable package versions once each. Multiple esbuild, next, uuid, and ws majors each appear as separate unique packages in CVE Lite; pnpm audit emits multiple rows per advisory path.

Critical severity: pnpm audit reports 7 critical entries; CVE Lite reports 2 critical unique packages (vitest, shell-quote). Both flag the same underlying critical packages — CVE Lite deduplicates path-expanded rows.

Fix guidance: CVE Lite generates 4 command groups covering 7 findings on first pass, including multi-workspace pnpm add --filter … for vitest and storybook — the pattern CopilotKit maintainers need for Nx/pnpm monorepos.


Before vs After

Remediation results from applying the scanner's four command groups one at a time on a full checkout of CopilotKit@9111a1f, rescanned through the committed examples/copilotkit lockfile fixture after each pass (CVE Lite v1.23.0 · 2026-06-21). The 2026-06-14 baseline recorded 48 findings; OSV advisory updates produce a 64-finding starting count on this remeasurement date.

StageFindingsCriticalHighMediumLowDirectTransitiveCommand groups
Baseline (verified)642312562624
After critical direct fix ([email protected])631312561623
After high direct fix ([email protected])621302560622
After high within-range refreshes591272560592
After medium within-range refreshes571272360571

The finding count dropped from 64 to 57 across four command groups. Both direct levers cleared by pass 2 (vitest critical, storybook high). Critical count dropped from 2 to 1 — the remaining critical is transitive [email protected] with no auto-generated fix command. High-severity findings dropped from 31 to 27. Command groups dropped from 4 to 1.


Fix Journey

The instinct on 2 critical findings is a root pnpm add. CVE Lite shows why that fails for shell-quote (transitive) while vitest needs a filtered major bump across 20 workspaces marked breaking.

Pass 1 — critical direct fix:

pnpm add --filter ./examples/v2/react/demo --filter ./packages/a2ui-renderer --filter ./packages/agentcore-runner --filter ./packages/angular --filter ./packages/core --filter ./packages/demo-agents --filter ./packages/react-core --filter ./packages/react-native --filter ./packages/react-textarea --filter ./packages/react-ui --filter ./packages/runtime --filter ./packages/runtime-client-gql --filter ./packages/sdk-js --filter ./packages/shared --filter ./packages/sqlite-runner --filter ./packages/voice --filter ./packages/vue --filter ./packages/web-inspector --filter ./showcase/harness --filter ./showcase/scripts [email protected]

Clears the critical direct [email protected] row. Findings 64 → 63; critical 2 → 1; direct 2 → 1.

Pass 2 — high direct fix:

pnpm add --filter ./examples/v2/angular/storybook --filter ./examples/v2/react/storybook --filter ./examples/v2/vue/storybook [email protected]

Clears the high direct [email protected] row. Findings 63 → 62; high 31 → 30; direct 1 → 0.

Pass 3 — high within-range refreshes:

pnpm update --recursive --no-save axios && pnpm update --recursive --no-save picomatch && pnpm update --no-save tmp && pnpm update --recursive --no-save undici

Findings 62 → 59; high 30 → 27.

Pass 4 — medium within-range refreshes:

pnpm update --recursive --no-save brace-expansion && pnpm update --recursive --no-save follow-redirects

Findings 59 → 57; medium 25 → 23. Command groups 2 → 1.

After four passes, 57 findings remain — mostly transitive framework and toolchain rows with ⊘ skipped parent upgrades (next, @angular/core, react-router, three esbuild versions) plus critical [email protected] with no auto-generated fix command.


Why this matters

CopilotKit sits at the intersection of agentic UI frameworks and large pnpm monorepos — Clerk-scale complexity with AI SDK providers, Storybook matrices, and Nx task graphs in one lockfile.

CVE Lite's value is deduplication and actionable grouping at 4,367-package scale: 48 unique findings, 2 direct levers, 4 command groups, and 41 skipped findings with reasons — versus 117 pnpm audit rows without remediation structure.


Scan command

Run from the CopilotKit repository root or from the examples/copilotkit directory in this repository:

cve-lite . --verbose --all

The example lockfile reflects CopilotKit at revision 9111a1f2ace20b787e403451182b733ecd761fcb. OSV advisory data changes over time — re-scanning may show different counts on the same revision.

Every number in the baseline table comes from a live scan of the committed fixture at examples/copilotkit/ in the CVE Lite CLI repository. Remediation pass counts were measured on 2026-06-21.

FieldValue
Baseline scan date2026-06-14
Remediation measurement date2026-06-21
CLI version (baseline)v1.22.0
CLI version (remediation passes)v1.23.0
CVE Lite commandnode dist/index.js examples/copilotkit --verbose --all --json
pnpm audit commandpnpm audit (pnpm from lockfile, Node.js 24)
Advisory sourceOSV (https://api.osv.dev) — online mode
Lockfile sourceexamples/copilotkit/pnpm-lock.yaml from CopilotKit/CopilotKit@9111a1f
Packages parsed (CVE Lite)4,367
Unique vulnerable packages (CVE Lite, 2026-06-14)48
Vulnerability entries (pnpm audit)117
Fix command groups (CVE Lite)4
First-pass covered findings (CVE Lite)7
Skipped findings with reason (CVE Lite)41

Reproduce CVE Lite locally from the repository root:

npm install
npm run build
node dist/index.js examples/copilotkit --verbose --all

Reproduce pnpm audit from the example directory:

cd examples/copilotkit
pnpm audit

Both tools were run against the same pnpm-lock.yaml on the same machine on 2026-06-14.


Remaining risk after remediation passes

57 findings remain open after the measured four-pass workflow (down from 64 at the 2026-06-21 remeasurement baseline). The 2026-06-14 baseline table below still lists 48 packages.

Both direct levers (vitest, storybook) cleared by pass 2. The remaining work is almost entirely transitive — parent upgrades, framework releases, or manual chain analysis. One command group remains for the next confident pass.


Baseline findings

Full vulnerable package list from the verified scan on 2026-06-14 (revision 9111a1f):

PackageVersionSeverityRelationshipFix hintAdvisory IDs
shell-quote1.8.3criticaltransitive1.8.4 ⊘CVE-2026-9277, GHSA-w7jw-789q-3m8p
vitest3.2.4criticaldirect · dev4.1.0CVE-2026-47429, GHSA-5xrq-8626-4rwp
@angular/compiler19.2.18hightransitive · dev19.2.20 ⊘CVE-2026-32635, GHSA-g93w-mfhg-p222
@angular/core19.2.18hightransitive19.2.20 ⊘CVE-2026-32635, CVE-2026-27970, GHSA-g93w-mfhg-p222, GHSA-prjf-86w9-mfqv
@babel/plugin-transform-modules-systemjs7.28.5hightransitive7.29.4 ⊘CVE-2026-44728, GHSA-fv7c-fp4j-7gwp
axios1.15.2hightransitive1.16.0CVE-2026-44494, CVE-2026-44489, CVE-2026-44488, CVE-2026-44490
esbuild0.25.12hightransitive · dev0.28.1 ⊘GHSA-gv7w-rqvm-qjhr
esbuild0.25.4hightransitive · dev0.28.1 ⊘GHSA-gv7w-rqvm-qjhr
esbuild0.27.3hightransitive · dev0.28.1 ⊘GHSA-g7r4-m6w7-qqqr, GHSA-gv7w-rqvm-qjhr
fast-uri3.1.0hightransitive3.1.2 ⊘CVE-2026-6321, CVE-2026-6322, GHSA-q3j6-qgpj-74h6, GHSA-v39h-62p7-jpjc
fast-xml-builder1.1.4hightransitive1.1.7 ⊘CVE-2026-44665, GHSA-5wm8-gmm8-39j9
immutable5.1.4hightransitive · dev5.1.5 ⊘CVE-2026-29063, GHSA-wf6x-7x77-mvgw
langsmith0.5.25hightransitive0.6.0 ⊘CVE-2026-45134, GHSA-3644-q5cj-c5c7
next16.1.3hightransitive16.2.6 ⊘CVE-2026-44575, CVE-2026-45109, CVE-2026-44573, CVE-2026-44572
next16.2.3hightransitive16.2.6 ⊘CVE-2026-44575, CVE-2026-45109, CVE-2026-44573, CVE-2026-44572
parse-git-config2.0.3hightransitive · dev⚠ no fixCVE-2025-25975, GHSA-8g77-54rh-46hx
picomatch2.3.1hightransitive · dev2.3.2CVE-2026-33672, CVE-2026-33671, GHSA-3v7f-55p6-f55p, GHSA-c2c7-rcm5-vvqj
react-router7.13.2hightransitive7.15.0 ⊘CVE-2026-40181, CVE-2026-42211, CVE-2026-42342, CVE-2026-34077
storybook10.1.11highdirect10.2.10CVE-2026-27148, GHSA-mjf5-7g4m-gx5w
tmp0.2.5hightransitive · dev0.2.6CVE-2026-44705, GHSA-ph9p-34f9-6g65
ajv6.12.6mediumtransitive · dev6.14.0 ⊘CVE-2025-69873, GHSA-2g4f-4pwh-qvx6
brace-expansion5.0.5mediumtransitive · dev5.0.6CVE-2026-45149, GHSA-jxxr-4gwj-5jf2
fast-xml-parser5.5.8mediumtransitive5.7.0 ⊘CVE-2026-41650, GHSA-gh4j-gqv2-49f6
follow-redirects1.15.11mediumtransitive1.16.0GHSA-r4q5-vmmm-2653
hono4.12.15mediumtransitive4.12.21 ⊘CVE-2026-47676, CVE-2026-47675, CVE-2026-44455, CVE-2026-44456
ip-address10.1.0mediumtransitive10.1.1 ⊘CVE-2026-42338, GHSA-v2v4-37r5-5v8g
joi17.13.3mediumtransitive17.13.4 ⊘CVE-2026-48038, GHSA-q7cg-457f-vx79
mermaid11.12.2mediumtransitive11.15.0 ⊘CVE-2026-41150, CVE-2026-41159, CVE-2026-41149, CVE-2026-41148
nuxt3.17.5mediumtransitive3.21.6 ⊘CVE-2026-45669, CVE-2026-46342, CVE-2026-47200, CVE-2025-59414
postcss8.4.31mediumtransitive8.5.10 ⊘CVE-2026-41305, GHSA-qx2v-qp2m-jg93
postcss8.5.2mediumtransitive · dev8.5.10 ⊘CVE-2026-41305, GHSA-qx2v-qp2m-jg93
postcss8.5.6mediumtransitive8.5.10 ⊘CVE-2026-41305, GHSA-qx2v-qp2m-jg93
qs6.15.1mediumtransitive6.15.2 ⊘CVE-2026-8723, GHSA-q8mj-m7cp-5q26
turbo2.7.3mediumtransitive · dev2.9.14 ⊘CVE-2026-45772, CVE-2026-45773, GHSA-3qcw-2rhx-2726, GHSA-hcf7-66rw-9f5r
uuid10.0.0mediumtransitive11.1.1 ⊘CVE-2026-41907, GHSA-w5hq-g745-h8pq
uuid11.1.0mediumtransitive11.1.1 ⊘CVE-2026-41907, GHSA-w5hq-g745-h8pq
uuid13.0.0mediumtransitive13.0.1 ⊘CVE-2026-41907, GHSA-w5hq-g745-h8pq
uuid7.0.3mediumtransitive11.1.1 ⊘CVE-2026-41907, GHSA-w5hq-g745-h8pq
uuid8.3.2mediumtransitive11.1.1 ⊘CVE-2026-41907, GHSA-w5hq-g745-h8pq
uuid9.0.1mediumtransitive11.1.1 ⊘CVE-2026-41907, GHSA-w5hq-g745-h8pq
webpack-dev-server5.2.2mediumtransitive5.2.4 ⊘CVE-2026-6402, GHSA-79cf-xcqc-c78w
ws8.17.1mediumtransitive · dev8.20.1 ⊘CVE-2026-45736, GHSA-58qx-3vcg-4xpx
ws8.18.0mediumtransitive · dev8.20.1 ⊘CVE-2026-45736, GHSA-58qx-3vcg-4xpx
ws8.18.3mediumtransitive · dev8.20.1 ⊘CVE-2026-45736, GHSA-58qx-3vcg-4xpx
ws8.19.0mediumtransitive8.20.1 ⊘CVE-2026-45736, GHSA-58qx-3vcg-4xpx
yaml1.10.2mediumtransitive1.10.3 ⊘CVE-2026-33532, GHSA-48c2-rrv3-qjmp
@ai-sdk/provider-utils3.0.22lowtransitive4.0.0 ⊘CVE-2026-8769, GHSA-866g-f22w-33x8
elliptic6.6.1lowtransitive⚠ no fixCVE-2025-14505, GHSA-848j-6mx2-7j84

Want your project reviewed?

If you maintain an interesting JavaScript or TypeScript project and want CVE Lite CLI considered for a public case study, open an issue in the CVE Lite CLI repository.

Please include:

  • the repository link
  • why the project would make a useful case study
  • whether the dependency graph is publicly reproducible

Not every project will be selected. Preference will go to projects that are publicly useful, technically interesting, and strong examples of realistic dependency remediation workflows.