// npm 패키지
@antv/istanbul
Yet another JS code coverage tool that computes statement, line, function and branch coverage with module loader hooks to transparently add coverage when running tests. Supports all JS coverage use cases including unit tests, server side functional tests
버전
1
메인테이너
51
라이선스
BSD-3-Clause
최초 publish
2019-04-02
publisher
dxq613
tarball
306,098 B
AUTO-PUBLISHED·1개 버전 인덱싱됨·최근 publish: 2019-04-02
// exfil path
what is read → where it shipssteals
- ○ home dir
sends to
(no destination string extracted — payload may be dynamic / obfuscated)
→ view full payload// publisher 캠페인by dxq613
이 계정에서 catch된 패키지 3건고립된 catch가 아닙니다. 동일 publisher가 2개의 다른 패키지를 추가로 발행했고, 모두 파이프라인이 catch했습니다 — 일회성이 아닌 조직적 캠페인의 형태. 아래 링크는 각 형제 catch의 분석으로 이동합니다.
// offending code· @0.0.0· 1 file flagged
llm: benign · 0.85→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).
- @0.0.0··AUTO-PUBLISHED·publisher: dxq613heuristic 75/100static flags 2llm benign (0.85) via ollamafirst-version-of-packageosv-flagged:MAL-2026-4031reads-env-varsreads-homedir
→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).
// offending code· 1 file flaggedpatterns: 2
--- package/lib/store/tmp.js (excerpt) --- /* Copyright (c) 2012, Yahoo! Inc. All rights reserved. Copyrights licensed under the New BSD License. See the accompanying LICENSE file for terms. */ var util = require('util'), path = require('path'), os = require('os'), fs = require('fs'), mkdirp = require('mkdirp'), Store = require('./index'); function makeTempDir() { var dir = path.join(os.tmpdir ? os.tmpdir() : /* istanbul ignore next */ (process.env.TMPDIR || '/tmp'), 'ts' + new Date().getTime()); mkdirp.sync(dir); return dir; } /** * a `Store` implementation using temporary files. * * Usage * ----- * * var store = require('istanbul').Store.create('tmp'); * * * @class TmpStore * @extends Store * @module store * @param {Object} opts Optional. * @param {String} [opts.tmp] a pre-existing directory to use as the `tmp` directory. When not specified, a random directory * is created under `os.tmpdir()` * @constructor */ function TmpStore(opts) { opts = opts || {}; this.tmp = opts.tmp || makeTempDir(); this.map = {}; this.seq = 0; this.prefix = 't' + new Date().getTime() + '-'; } TmpStore.TYPE = 'tmp'; util.inherits(TmpStore, Store); Store.mix(TmpStore, { generateTmpFileName: function () { this.seq += 1; return path.join(this.tmp, this.prefix + this.seq + '.tmp'); }, set: function (key, contents) { var tmpFile = this.generateTmpFileName(); fs.writeFileSync(tmpFile, contents, 'utf8'); this.m --- bundled output (OSV-MAL flagged — LLM scope expansion) --- --- lib/register-plugins.js (bundled) --- /* Copyright (c) 2012, Yahoo! Inc. All rights reserved. Copyrights licensed under the New BSD License. See the accompanying LICENSE file for terms. */ var Store = require('./store'), Report = require('./report'), Command = require('./command'); Store.loadAll(); Report.loadAll(); Command.loadAll(); --- lib/util/file-matcher.js (bundled) --- /* Copyright (c) 2012, Yahoo! Inc. All rights reserved. Copyrights licensed under the New BSD License. See the accompanying LICENSE file for terms. */ var async = require('async'), glob = require('glob'), fs = require('fs'), path = require('path'), seq = 0; function filesFor(options, callback) { if (!callback && typeof options === 'function') { callback = options; options = null; } options = options || {}; var root = options.root, includes = options.includes, excludes = options.excludes, realpath = options.realpath, relative = options.relative, opts; root = root || process.cwd(); includes = includes && Array.isArray(includes) ? includes : [ '**/*.js' ]; excludes = excludes && Array.isArray(excludes) ? excludes : [ '**/node_modules/**' ]; opts = { cwd: root, nodir: true, ignore: excludes }; seq += 1; opts['x' + seq + new Date().getTime()] = true; //cache buster for minimatch cache bug glob(includes.join(' '), opts, function (err, files) { if (err) { return callback(err); } if (relative) { return callback(err, files); } if (!realpath) { files = files.map(function (file) { return path.resolve(root, file); }); return callback(err, files); } var realPathCache = module.constructor._realpathCache || {}; async.map(files, function (file, done) { fs.realpath(path.resolve(root, file), realPathCache, done); }, callback); }); } function matcherFor(options, callback) { if (!callback && typeof options === 'function') { callback = options; options = null; } options = options || {}; options.relative = false; //force absolute paths options.realpath = true; //force real paths (to match Node.js module paths) filesFor(options, function (err, files) { var fileMap = {}, matchFn; if (err) { return ca --- lib/util/file-writer.js (bundled) --- /* Copyright (c) 2012, Yahoo! Inc. All rights reserved. Copyrights licensed under the New BSD License. See the accompanying LICENSE file for terms. */ var path = require('path'), util = require('util'), fs = require('fs'), async = require('async'), mkdirp = require('mkdirp'), writer = require('./writer'), Writer = writer.Writer, ContentWriter = writer.ContentWriter; function extend(cons, proto) { Object.keys(proto).forEach(function (k) { cons.prototype[k] = proto[k]; }); } function BufferedContentWriter() { ContentWriter.call(this); this.content = ''; } util.inherits(BufferedContentWriter, ContentWriter); extend(BufferedContentWriter, { write: function (str) { this.content += str; }, getContent: function () { return this.content; } }); function StreamContentWriter(stream) { ContentWriter.call(this); this.stream = stream; } util.inherits(StreamContentWriter, ContentWriter); extend(StreamContentWriter, { write: function (str) { this.stream.write(str); } }); function SyncFileWriter() { Writer.call(this); } util.inherits(SyncFileWriter, Writer); extend(SyncFileWriter, { writeFile: function (file, callback) { mkdirp.sync(path.dirname(file)); var cw = new BufferedContentWriter(); callback(cw); fs.writeFileSync(file, cw.getContent(), 'utf8'); }, done: function () { this.emit('done'); //everything already done } }); function AsyncFileWriter() { this.queue = async.queue(this.processFile.bind(this), 20); this.openFileMap = {}; } util.inherits(AsyncFileWriter, Writer); extend(AsyncFileWriter, { writeFile: function (file, callback) { this.openFileMap[file] = true; this.queue.push({ file: file, callback: callback }); }, processFile: function (task, cb) { var file = task.file, userCallback = task.callback, that = this, st --- lib/util/help-formatter.js (bundled) --- /* Copyright (c) 2012, Yahoo! Inc. All rights reserved. Copyrights licensed under the New BSD License. See the accompanying LICENSE file for terms. */ var OPT_PREFIX = " ", OPT_START = OPT_PREFIX.length, TEXT_START = 14, STOP = 80, wrap = require('wordwrap')(TEXT_START, STOP), paraWrap = require('wordwrap')(1, STOP); function formatPara(text) { return paraWrap(text); } function formatOption(option, helpText) { var formattedText = wrap(helpText); if (option.length > TEXT_START - OPT_START - 2) { return OPT_PREFIX + option + '\n' + formattedText; } else { return OPT_PREFIX + option + formattedText.substring((OPT_PREFIX + option).length); } } module.exports = { formatPara: formatPara, formatOption: formatOption }; --- lib/util/tree-summarizer.js (bundled) --- /* Copyright (c) 2012, Yahoo! Inc. All rights reserved. Copyrights licensed under the New BSD License. See the accompanying LICENSE file for terms. */ var path = require('path'), SEP = path.sep || '/', utils = require('../object-utils'); function commonArrayPrefix(first, second) { var len = first.length < second.length ? first.length : second.length, i, ret = []; for (i = 0; i < len; i += 1) { if (first[i] === second[i]) { ret.push(first[i]); } else { break; } } return ret; } function findCommonArrayPrefix(args) { if (args.length === 0) { return []; } var separated = args.map(function (arg) { return arg.split(SEP); }), ret = separated.pop(); if (separated.length === 0) { return ret.slice(0, ret.length - 1); } else { return separated.reduce(commonArrayPrefix, ret); } } function Node(fullName, kind, metrics) { this.name = fullName; this.fullName = fullName; this.kind = kind; this.metrics = metrics || null; this.parent = null; this.children = []; } Node.prototype = { displayShortName: function () { return this.relativeName; }, fullPath: function () { return this.fullName; }, addChild: function (child) { this.children.push(child); child.parent = this; }, toJSON: function () { return { name: this.name, relativeName: this.relativeName, fullName: this.fullName, kind: this.kind, metrics: this.metrics, parent: this.parent === null ? null : this.parent.name, children: this.children.map(function (node) { return node.toJSON(); }) }; } }; function TreeSummary(summaryMap, commonPrefix) { this.prefix = commonPrefix; this.convertToTree(summaryMap, commonPrefix); } TreeSummary.prototype = { getNode: function (shortName) { re --- lib/report/json-summary.js (bundled) --- /* Copyright (c) 2012, Yahoo! Inc. All rights reserved. Copyrights licensed under the New BSD License. See the accompanying LICENSE file for terms. */ var path = require('path'), objectUtils = require('../object-utils'), Writer = require('../util/file-writer'), util = require('util'), Report = require('./index'); /** * a `Report` implementation that produces a coverage JSON object with summary info only. * * Usage * ----- * * var report = require('istanbul').Report.create('json-summary'); * * * @class JsonSummaryReport * @extends Report * @module report * @constructor * @param