// publisher campaign · npm
All caught packages published by the kasmine account on npm, plus the author + maintainer info the registry currently exposes. Use this view to pivot: shared emails / names across packages are strong evidence of a single attacker behind multiple throwaway handles.
Account-level signals. Activity span tells you how long this handle has been around (fresh = throwaway-prone). Email domains separate single-use webmail from real org addresses. Cross-ecosystem handles + GitHub links are the strongest attribution pivot — same name on multiple registries usually means same operator.
An email from this campaign also appears on caught packages under a different publisher account. Strong evidence that one operator runs both handles.
Same email or author name on more than one package — direct attribution evidence beyond the shared publisher account.
Static-analysis flags that fired across the campaign, with how many packages each touched. Use as the "what kind of stealer is this" answer.
Every package this account currently has on the registry, newest first. ● caught by our pipeline · ○ not yet flagged.0/7 caught.
React component for plots
npm package name robbery.
A component like github-contribution-calendar based on AntV/G2Plot.
A collection of shapes of visualization for G2 or G2Plot
Infographic for D2 Games, based on Ant/G2Plot.
G2 Charts for Vue.js
data driven react components of echarts
A common util collection for antv projects
→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).
