Malicious packages not being reported in Copilot Chat #602

danbarr · 2025-01-15T23:37:03Z

Describe the issue

Starting with v0.1.6, malicious/deprecated packages are not being reported by CodeGate via Copilot Chat. Copilot Explain is reporting them as expected, and Continue chat is also fine.

With v0.1.5:

Starting in v0.1.6:

Steps to Reproduce

Ask Copilot Chat to explain or review a file with a malicious package reference, for example https://github.com/stacklok/codegate-demonstration/blob/main/python/fabric.py

Operating System

MacOS (Arm)

IDE and Version

VS Code 1.96.3

Extension and Version

Copilot 1.257.0

Provider

GitHub Copilot

Model

GPT-4

Logs

No response

Additional Context

No response

lukehinds · 2025-01-16T13:48:11Z

Do you know if this is still on 0.1.7 @danbarr ?

danbarr · 2025-01-16T14:04:25Z

@lukehinds Yes I am still able to reproduce on 1.0.7 when starting from a fresh chat session.

jhrozek · 2025-01-16T15:23:29Z

@danbarr I think this got fixed today by one of @yrobla 's patches. We should get a release out

danbarr added the bug label Jan 15, 2025

github-actions bot added the needs-triage label Jan 15, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Malicious packages not being reported in Copilot Chat #602

Malicious packages not being reported in Copilot Chat #602

danbarr commented Jan 15, 2025

lukehinds commented Jan 16, 2025

danbarr commented Jan 16, 2025

jhrozek commented Jan 16, 2025

Malicious packages not being reported in Copilot Chat #602

Malicious packages not being reported in Copilot Chat #602

Comments

danbarr commented Jan 15, 2025

Describe the issue

Steps to Reproduce

Operating System

IDE and Version

Extension and Version

Provider

Model

Logs

Additional Context

lukehinds commented Jan 16, 2025

danbarr commented Jan 16, 2025

jhrozek commented Jan 16, 2025