// npm 패키지
@antv/chart-linter
ChartLinter
버전
2
메인테이너
51
라이선스
MIT
최초 publish
2021-05-27
publisher
pddpd
tarball
1,361,829 B
AUTO-PUBLISHED·1개 버전 인덱싱됨·최근 publish: 2021-06-04
// publisher 캠페인by pddpd
이 계정에서 catch된 패키지 6건고립된 catch가 아닙니다. 동일 publisher가 5개의 다른 패키지를 추가로 발행했고, 모두 파이프라인이 catch했습니다 — 일회성이 아닌 조직적 캠페인의 형태. 아래 링크는 각 형제 catch의 분석으로 이동합니다.
// offending code· @1.1.6· 4 files flagged
llm: benign · 0.85→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).
- @1.1.6··AUTO-PUBLISHED·publisher: pddpdheuristic 75/100static flags 1llm benign (0.85) via ollamaosv-flagged:MAL-2026-3857child-process-spawn
→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).
// offending code· 4 files flaggedpatterns: 1
--- package/webpack.config.js (excerpt) --- const path = require('path'); const webpack = require('webpack'); module.exports = { mode: 'production', devtool: 'cheap-module-source-map', entry: './src/index', output: { library: 'ChartLinter', libraryTarget: 'umd', path: path.resolve(__dirname, 'dist/'), filename: 'index.js', }, resolve: { extensions: ['.js', '.ts', '.json'], mainFields: ['module', 'browser', 'main'], }, module: { rules: [ { test: /\.ts/, exclude: /node_modules/, loader: 'babel-loader', options: { presets: ['@babel/preset-typescript', ['@babel/preset-env', { modules: 'commonjs' }]], plugins: ['@babel/plugin-proposal-class-properties', '@babel/plugin-proposal-object-rest-spread'], }, }, ], }, plugins: [new webpack.IgnorePlugin({ resourceRegExp: /^(fs|child_process)$/ })], }; --- package/src/linter/index.ts (excerpt) --- import WasmClingoModule from 'wasm-clingo'; import { schema2asp } from 'draco-core'; import * as CONSTRAINTS from './rules'; import { Rule, RULE_KEYS } from '../interfaces'; export interface SolveOptions { /** * Empty means all. */ constraints?: string[]; /** * Number of models. */ models?: number; } export interface Schema { stats: any; size: number; } export class Linter { initialized = false; private Module: any; private stdout = ''; /** * Data schema containing column statistics. */ private schema: Schema | null; private constraints: Record<string, string>; constructor(updateStatus: (text: string) => void = console.log) { let url = 'https://unpkg.com/wasm-clingo@0.3.0'; if (url.substr(url.length - 1) !== '/') { url += '/'; } // eslint-disable-next-line @typescript-eslint/no-this-alias const bindThis = this; const m = { // Where to locate clingo.wasm locateFile: (file: string) => `${url}${file}`, setStatus: updateStatus, print: (text: string) => { bindThis.stdout += text; }, totalDependencies: 0, printErr: (err: Error) => { if (err) { m.setStatus('Received output on stderr.'); console.warn(err); } }, }; this.Module = m; this.schema = null; this.constraints = CONSTRAINTS; } init() { return new Promise((resolve) => { this.Module.setStatus('Downloading...'); this --- package/src/fixer/actions/apply.ts (excerpt) --- import { Action, VegaLite, Field } from '../../interfaces'; import { RuleID } from '../rules'; import { ACTION_ROUTER } from './router'; import { ActionExecutorOptions } from './interfaces'; /** * Apply action and return new vegalite json * * @param vl the origin vegalite json * @param ruleID the rule id considering this action * @param action the current action * @param fields all fields in data */ export function applyActions(vl: VegaLite, ruleID: RuleID, action: Action, fields: Field[]): VegaLite { const { name: actionName, originAction } = action; if (originAction === 'CHANGE_MARK') { return ACTION_ROUTER['CHANGE_MARK'].executor({ vl, action }); } else if (originAction === 'CHANGE_CHANNEL') { return ACTION_ROUTER['CHANGE_CHANNEL'].executor({ vl, action }); } return exec(actionName, { vl, action, ruleID, fields }) || vl; // else: // # TODO default case // # what to do? // newvl = copy.deepcopy(vl) } function exec(actionName: string, options: ActionExecutorOptions): VegaLite | undefined { const key = Object.keys(ACTION_ROUTER).find((key) => { const { token, type } = ACTION_ROUTER[key]; if (type === 'equals') return actionName === token; if (type === 'startswith') return actionName.startsWith(token); return false; }); if (!key) return undefined; return ACTION_ROUTER[key].executor(options); } --- package/lib/linter/index.js (excerpt) --- "use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.Linter = void 0; var tslib_1 = require("tslib"); var wasm_clingo_1 = tslib_1.__importDefault(require("wasm-clingo")); var draco_core_1 = require("draco-core"); var CONSTRAINTS = tslib_1.__importStar(require("./rules")); var interfaces_1 = require("../interfaces"); var Linter = /** @class */ (function () { function Linter(updateStatus) { if (updateStatus === void 0) { updateStatus = console.log; } this.initialized = false; this.stdout = ''; var url = 'https://unpkg.com/wasm-clingo@0.3.0'; if (url.substr(url.length - 1) !== '/') { url += '/'; } // eslint-disable-next-line @typescript-eslint/no-this-alias var bindThis = this; var m = { // Where to locate clingo.wasm locateFile: function (file) { return "" + url + file; }, setStatus: updateStatus, print: function (text) { bindThis.stdout += text; }, totalDependencies: 0, printErr: function (err) { if (err) { m.setStatus('Received output on stderr.'); console.warn(err); } }, }; this.Module = m; this.schema = null; this.constraints = CONSTRAINTS; } Linter.prototype.init = function () { var _this = this; return new Promise(func --- bundled output (OSV-MAL flagged — LLM scope expansion) --- --- dist/index.js (bundled) --- !function(t,e){"object"==typeof exports&&"object"==typeof module?module.exports=e():"function"==typeof define&&define.amd?define([],e):"object"==typeof exports?exports.ChartLinter=e():t.ChartLinter=e()}(window,(function(){return function(t){var e={};function n(r){if(e[r])return e[r].exports;var i=e[r]={i:r,l:!1,exports:{}};return t[r].call(i.exports,i,i.exports,n),i.l=!0,i.exports}return n.m=t,n.c=e,n.d=function(t,e,r){n.o(t,e)||Object.defineProperty(t,e,{enumerable:!0,get:r})},n.r=function(t){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(t,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(t,"__esModule",{value:!0})},n.t=function(t,e){if(1&e&&(t=n(t)),8&e)return t;if(4&e&&"object"==typeof t&&t&&t.__esModule)return t;var r=Object.create(null);if(n.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:t}),2&e&&"string"!=typeof t)for(var i in t)n.d(r,i,function(e){return t[e]}.bind(null,i));return r},n.n=function(t){var e=t&&t.__esModule?function(){return t.default}:function(){return t};return n.d(e,"a",e),e},n.o=function(t,e){return Object.prototype.hasOwnProperty.call(t,e)},n.p="",n(n.s=127)}([function(t,e){"function"==typeof Object.create?t.exports=function(t,e){e&&(t.super_=e,t.prototype=Object.create(e.prototype,{constructor:{value:t,enumerable:!1,writable:!0,configurable:!0}}))}:t.exports=function(t,e){if(e){t.super_=e;var n=function(){};n.prototype=e.prototype,t.prototype=new n,t.prototype.constructor=t}}},function(t,e,n){ /*! safe-buffer. MIT License. Feross Aboukhadijeh <https://feross.org/opensource> */ var r=n(3),i=r.Buffer;function o(t,e){for(var n in t)e[n]=t[n]}function a(t,e,n){return i(t,e,n)}i.from&&i.alloc&&i.allocUnsafe&&i.allocUnsafeSlow?t.exports=r:(o(r,e),e.Buffer=a),a.prototype=Object.create(i.prototype),o(i,a),a.from=function(t,e,n){if("number"==typeof t)throw new TypeError("Argument must not be a number");return i(t,e,n)},a.alloc=function(t,e,n){if("number"!=typeof t)throw new TypeError("Argument must be a