// npm 패키지

@antv/gi-sdk-app

- 加载 JS 脚本，全局变量为 GI_SDK_APP

npmjs.com tarball repo homepage

버전

메인테이너

라이선스

ISC

최초 publish

2023-07-10

publisher

iaaron

tarball

63,534 B

AUTO-PUBLISHED·1개 버전 인덱싱됨·최근 publish: 2024-08-06

// publisher 캠페인by iaaron

이 계정에서 catch된 패키지 9건

고립된 catch가 아닙니다. 동일 publisher가 8개의 다른 패키지를 추가로 발행했고, 모두 파이프라인이 catch했습니다 — 일회성이 아닌 조직적 캠페인의 형태. 아래 링크는 각 형제 catch의 분석으로 이동합니다.

// offending code· @1.2.10· no static-pattern hits

llm: benign · 0.85

→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).

@1.2.10·2024-08-06·AUTO-PUBLISHED·publisher: iaaron

heuristic 75/100

static flags 0

llm benign (0.85) via ollama

mature-packageosv-flagged:MAL-2026-4016

→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).

// offending code· no static-pattern hits

--- package.json (entry) ---
{
  "name": "@antv/gi-sdk-app",
  "version": "1.2.10",
  "description": "",
  "main": "index.js",
  "author": "",
  "publishConfig": {
    "access": "public"
  },
  "license": "ISC",
  "repository": "git@github.com:antvis/G6VP.git",
  "scripts": {
    "build": "npm run build:umd",
    "build:umd": "webpack --mode production  -c ../../webpack.config.js --env path=/packages/gi-sdk-app",
    "build:umd:watch": "webpack --mode production  -c ../../webpack.config.js --env path=/packages/gi-sdk-app watch=true",
    "test": "echo \"Error: no test specified\" && exit 1",
    "sync": "tnpm sync @antv/gi-sdk-app"
  }
}

--- bundled output (OSV-MAL flagged — LLM scope expansion) ---

--- dist/index.min.js (bundled) ---
!function(e,t){"object"==typeof exports&&"object"==typeof module?module.exports=t(require("React")):"function"==typeof define&&define.amd?define(["React"],t):"object"==typeof exports?exports.GI_SDK_APP=t(require("React")):e.GI_SDK_APP=t(e.React)}(self,(e=>(()=>{"use strict";var t={24:t=>{t.exports=e}},n={};function o(e){var r=n[e];if(void 0!==r)return r.exports;var a=n[e]={exports:{}};return t[e](a,a.exports,o),a.exports}o.d=(e,t)=>{for(var n in t)o.o(t,n)&&!o.o(e,n)&&Object.defineProperty(e,n,{enumerable:!0,get:t[n]})},o.o=(e,t)=>Object.prototype.hasOwnProperty.call(e,t),o.r=e=>{"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})};var r={};return(()=>{o.r(r),o.d(r,{default:()=>i});var e=o(24),t=function(e,t,n,o){return new(n||(n=Promise))((function(r,a){function i(e){try{s(o.next(e))}catch(e){a(e)}}function c(e){try{s(o.throw(e))}catch(e){a(e)}}function s(e){var t;e.done?r(e.value):(t=e.value,t instanceof n?t:new n((function(e){e(t)}))).then(i,c)}s((o=o.apply(e,t||[])).next())}))};const n=e=>t(void 0,void 0,void 0,(function*(){return Promise.all([...e.map((e=>{const n=window[e.global];return n?Object.assign(Object.assign({},n),e):(e=>t(void 0,void 0,void 0,(function*(){return new Promise((t=>{const n=document.createElement("script");n.type="text/javascript",n.charset="UTF-8",n.id=e.global||e.url,n.src=e.url,n.defer=!0,n.async=!1,document.body.append(n);const o=document.createElement("link"),r=e.url.replace("min.js","css");o.href=r,o.type="text/css",o.rel="stylesheet",document.head.append(o),n.onload=()=>{t(n)},n.onerror=()=>{t(n)}}))})))(e).then((t=>{let n=window[e.global];if(n)return n.hasOwnProperty("default")&&(n=n.default),Object.assign(Object.assign({},n),e);console.warn(`${e.global} is not found`)}))}))]).then((e=>e.filter((e=>e))))})),a=t=>{const{title:n}=t;return e.createElement("div",{className:"spinner-box"},e.createElement("div",{className:"configure