{
  "schema": "cremit-ioc/v1",
  "generated_at": "2026-05-20T07:02:06.108Z",
  "package": {
    "ecosystem": "npm",
    "name": "@antv/istanbul",
    "version": "0.0.0",
    "publisher": "dxq613",
    "sha256": "sha512-eVWxdkhcNPAXG68InRk9fhRnDIcO3JWHZuOU3NTf/syC6uk56OXkaQ3LHIEvqlRpykSthrcmAwoJi2tPXFoj6Q==",
    "tarball_url": "https://registry.npmjs.org/@antv/istanbul/-/istanbul-0.0.0.tgz",
    "weekly_downloads": null,
    "description": "Yet another JS code coverage tool that computes statement, line, function and branch coverage with module loader hooks to transparently add coverage when running tests. Supports all JS coverage use cases including unit tests, server side functional tests ",
    "repository_url": "ssh://git@github.com/antvis/tools",
    "first_published_at": "2019-04-02T03:30:35.729Z"
  },
  "classification": {
    "label": "benign",
    "confidence": 0.85,
    "summary": "No suspicious destination, no remote-exec shape — 1 known-vendor host(s).",
    "provider": "ollama",
    "heuristic_score": 75,
    "disposition": "auto-published"
  },
  "references": {
    "npm_url": "https://www.npmjs.com/package/@antv/istanbul/v/0.0.0",
    "pypi_url": null,
    "osv_id": null,
    "osv_url": null,
    "package_page": "https://incidents.cremit.io/packages/npm/%40antv%2Fistanbul"
  },
  "techniques": [
    {
      "id": "T1033",
      "name": "System Owner/User Discovery",
      "tactic": "Discovery"
    },
    {
      "id": "T1082",
      "name": "System Information Discovery",
      "tactic": "Discovery"
    },
    {
      "id": "T1552.001",
      "name": "Unsecured Credentials: Credentials in Files",
      "tactic": "Credential Access"
    }
  ],
  "indicators": {
    "network": {
      "urls": [],
      "ipv4": [],
      "webhook_bins": [],
      "discord_webhook_ids": [],
      "telegram_bots": [],
      "github_repos": []
    },
    "files": {
      "credential_paths": []
    },
    "deps": {
      "suspicious": []
    },
    "encoded": {
      "base64": []
    },
    "metadata": {
      "heuristic_flags": [
        "first-version-of-package",
        "osv-flagged:MAL-2026-4031"
      ],
      "static_flags": [
        "reads-env-vars",
        "reads-homedir"
      ],
      "self_described_as": []
    }
  },
  "stix_hints": {
    "indicator_pattern_examples": [
      "[file:hashes.'SHA-256' = 'sha512-eVWxdkhcNPAXG68InRk9fhRnDIcO3JWHZuOU3NTf/syC6uk56OXkaQ3LHIEvqlRpykSthrcmAwoJi2tPXFoj6Q==']"
    ],
    "note": "These are STIX 2.1 indicator pattern fragments, not a full bundle. Wrap each in {type:\"indicator\", pattern:..., pattern_type:\"stix\"} and add identity / created_by_ref objects to ingest into a TIP."
  }
}