// npm 패키지
@antv/g6-cli
Scaffolding Your Extension for G6
버전
4
메인테이너
51
라이선스
MIT
최초 publish
2024-06-25
publisher
iaaron
tarball
114,311 B
AUTO-PUBLISHED·1개 버전 인덱싱됨·최근 publish: 2026-03-30
// publisher 캠페인by iaaron
이 계정에서 catch된 패키지 9건고립된 catch가 아닙니다. 동일 publisher가 8개의 다른 패키지를 추가로 발행했고, 모두 파이프라인이 catch했습니다 — 일회성이 아닌 조직적 캠페인의 형태. 아래 링크는 각 형제 catch의 분석으로 이동합니다.
// offending code· @0.0.4· 2 files flagged
llm: benign · 0.85→ 의심 전송지 없음, 원격 실행 형태 없음 — 4 known-vendor host(s).
- @0.0.4··AUTO-PUBLISHED·publisher: iaaronheuristic 75/100static flags 2llm benign (0.85) via ollamaosv-flagged:MAL-2026-3984public-github-pushreads-env-vars
→ 의심 전송지 없음, 원격 실행 형태 없음 — 4 known-vendor host(s).
// offending code· 2 files flaggedpatterns: 2
--- package/package.json (excerpt) --- { "name": "@antv/g6-cli", "version": "0.0.4", "description": "Scaffolding Your Extension for G6", "keywords": [ "antv", "g6", "extension", "template" ], "repository": "https://github.com/antvis/G6.git", "license": "MIT", "author": "yvonneyx", "type": "module", "main": "index.js", "bin": { "create-g6": "index.js" }, "files": [ "index.js", "template-*", "dist" ], "devDependencies": { "@types/lodash": "^4.17.16", "@types/minimist": "^1.2.5", "@types/prompts": "^2.4.9", "kolorist": "^1.8.0", "minimist": "^1.2.8", "prompts": "^2.4.2", "unbuild": "^2.0.0" }, "engines": { "node": "^18.0.0 || >=20.0.0" }, "publishConfig": { "access": "public", "registry": "https://registry.npmjs.org/" }, "scripts": { "build": "unbuild", "dev": "unbuild --stub", "typecheck": "tsc --noEmit" } } --- package/template-extension/rollup.config.mjs (excerpt) --- import commonjs from '@rollup/plugin-commonjs'; import resolve from '@rollup/plugin-node-resolve'; import terser from '@rollup/plugin-terser'; import typescript from '@rollup/plugin-typescript'; import _ from 'lodash'; import nodePolyfills from 'rollup-plugin-polyfill-node'; import { visualizer } from 'rollup-plugin-visualizer'; const { camelCase, upperFirst } = _; const isBundleVis = !!process.env.BUNDLE_VIS; export default [ { input: 'src/index.ts', output: { file: 'dist/{{projectName}}.min.js', name: upperFirst(camelCase('{{projectName}}')), format: 'umd', sourcemap: false, }, plugins: [ nodePolyfills(), resolve(), commonjs(), typescript({ tsconfig: 'tsconfig.build.json', }), terser(), ...(isBundleVis ? [visualizer()] : []), ], }, ]; --- bundled output (OSV-MAL flagged — LLM scope expansion) --- --- template-extension/__tests__/utils/svg-transformer.js (bundled) --- module.exports = { process() { return { code: `module.exports = {};`, }; }, }; --- dist/index.mjs (bundled) --- import E from"node:fs";import j from"node:path";import{fileURLToPath as Vi}from"node:url";import pe from"readline";import me from"events";let U=!0;const G=typeof self<"u"?self:typeof window<"u"?window:typeof global<"u"?global:{};let J=0;if(G.process&&G.process.env&&G.process.stdout){const{FORCE_COLOR:t,NODE_DISABLE_COLORS:r,NO_COLOR:h,TERM:e,COLORTERM:u}=G.process.env;r||h||t==="0"?U=!1:t==="1"||t==="2"||t==="3"?U=!0:e==="dumb"?U=!1:"CI"in G.process.env&&["TRAVIS","CIRCLECI","APPVEYOR","GITLAB_CI","GITHUB_ACTIONS","BUILDKITE","DRONE"].some(v=>v in G.process.env)?U=!0:U=process.stdout.isTTY,U&&(process.platform==="win32"||u&&(u==="truecolor"||u==="24bit")?J=3:e&&(e.endsWith("-256color")||e.endsWith("256"))?J=2:J=1)}let ge={enabled:U,supportLevel:J};function K(t,r,h=1){const e=`\x1B[${t}m`,u=`\x1B[${r}m`,v=new RegExp(`\\x1b\\[${r}m`,"g");return s=>ge.enabled&&ge.supportLevel>=h?e+(""+s).replace(v,e)+u:""+s}const W=K(0,0),ve=K(31,39),ki=K(33,39);function be(t){return t&&t.__esModule&&Object.prototype.hasOwnProperty.call(t,"default")?t.default:t}function Ui(t,r){var h=t;r.slice(0,-1).forEach(function(u){h=h[u]||{}});var e=r[r.length-1];return e in h}function we(t){return typeof t=="number"||/^0x[0-9a-f]+$/i.test(t)?!0:/^[-+]?(?:\d+(?:\.\d*)?|\.\d+)(e[-+]?\d+)?$/.test(t)}function ye(t,r){return r==="constructor"&&typeof t[r]=="function"||r==="__proto__"}var Bi=function(t,r){r||(r={});var h={bools:{},strings:{},unknownFn:null};typeof r.unknown=="function"&&(h.unknownFn=r.unknown),typeof r.boolean=="boolean"&&r.boolean?h.allBools=!0:[].concat(r.boolean).filter(Boolean).forEach(function(w){h.bools[w]=!0});var e={};function u(w){return e[w].some(function(x){return h.bools[x]})}Object.keys(r.alias||{}).forEach(function(w){e[w]=[].concat(r.alias[w]),e[w].forEach(function(x){e[x]=[w].concat(e[w].filter(function(S){return x!==S}))})}),[].concat(r.string).filter(Boolean).forEach(function(w){h.strings[w]=!0,e[w]&&[].concat(e[w]).forEach(function(x){h.strings[x]=!0})});var v=r.defa