// npm 패키지
cdk-insights
AWS CDK security and cost analysis CLI. Free static scans via npm — no account needed. Sign up free to add AI-powered insights.
버전
147
메인테이너
1
라이선스
BUSL-1.1
최초 publish
2025-07-08
publisher
GitHub Actions
tarball
3,240,488 B
AUTO-PUBLISHED · 1개 버전 인덱싱됨 · 최근 publish: 2026-05-22
// publisher 캠페인 by GitHub Actions
이 계정에서 catch된 패키지 9건 — 고립된 catch가 아닙니다. 동일 publisher가 8개의 다른 패키지를 추가로 발행했고, 모두 파이프라인이 catch했습니다 — 일회성이 아닌 조직적 캠페인의 형태. 아래 링크는 각 형제 catch의 분석으로 이동합니다.
// offending code · @1.41.2 · 1 file flagged
llm: benign · 0.85 → 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).
- @1.41.2 · AUTO-PUBLISHED · publisher: GitHub Actions · heuristic 75/100 · static flags 2 · llm benign (0.85) via ollama · mature-package · has-source-repo · osv-flagged:MAL-2026-4508 · public-github-push · install-path-npm-publish
→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).
// offending code · 1 file flagged · patterns: 2
--- install scripts --- ### prepare husky install && npm run build --- package/package.json (excerpt) --- { "name": "cdk-insights", "version": "1.41.2", "description": "AWS CDK security and cost analysis CLI. Free static scans via npm — no account needed. Sign up free to add AI-powered insights.", "main": "dist/index.js", "types": "dist/index.d.ts", "bin": { "cdk-insights": "dist/entry.js" }, "exports": { ".": { "types": "./dist/index.d.ts", "import": "./dist/index.js", "require": "./dist/index.js" } }, "files": [ "dist/**/*", "README.md", "LICENSE" ], "scripts": { "test": "vitest --run", "lint": "biome lint src/", "typecheck": "tsc --noEmit", "format": "biome format --write src/", "check": "biome check src/", "check:schema-sync": "ts-node scripts/check-schema-sync.ts", "build": "ts-node scripts/build.ts", "build:dev": "CDK_INSIGHTS_ENVIRONMENT=dev CDK_INSIGHTS_API_URL=https://s2zhmjbwlj.execute-api.eu-west-2.amazonaws.com/v1 ts-node scripts/build.ts", "start": "node dist/index.js", "dev": "ts-node src/index.ts", "prepare": "husky install && npm run build", "start:dev": "CDK_ENV=local ts-node src/index.ts", "ai-run": "ts-node src/index.ts", "unlink": "npm unlink -g cdk-insights", "link": "npm link", "prepare:test": "npm run unlink && npm run build && npm run link", "prepare:dev": "npm run unlink && npm run build:dev && npm run link", "deploy:dev": "STAGE=dev cdk deploy", "destroy:dev": "STAGE=dev cdk destroy", "release:patch": "bumper r --- bundled output (OSV-MAL flagged — LLM scope expansion) --- --- dist/entry.js (bundled) --- #!/usr/bin/env node "use strict";var M$=Object.create;var vh=Object.defineProperty;var B$=Object.getOwnPropertyDescriptor;var N$=Object.getOwnPropertyNames;var $$=Object.getPrototypeOf,W$=Object.prototype.hasOwnProperty;var D=(t,e)=>()=>(t&&(e=t(t=0)),e);var M=(t,e)=>()=>(e||t((e={exports:{}}).exports,e),e.exports),Ch=(t,e)=>{for(var s in e)vh(t,s,{get:e[s],enumerable:!0})},j$=(t,e,s,n)=>{if(e&&typeof e=="object"||typeof 
e=="function")for(let r of N$(e))!W$.call(t,r)&&r!==s&&vh(t,r,{get:()=>e[r],enumerable:!(n=B$(e,r))||n.enumerable});return t};var oe=(t,e,s)=>(s=t!=null?M$($$(t)):{},j$(e||!t||!t.__esModule?vh(s,"default",{value:t,enumerable:!0}):s,t));var TC=M((lae,U$)=>{U$.exports={name:"dotenv",version:"16.5.0",description:"Loads environment variables from .env file",main:"lib/main.js",types:"lib/main.d.ts",exports:{".":{types:"./lib/main.d.ts",require:"./lib/main.js",default:"./lib/main.js"},"./config":"./config.js","./config.js":"./config.js","./lib/env-options":"./lib/env-options.js","./lib/env-options.js":"./lib/env-options.js","./lib/cli-options":"./lib/cli-options.js","./lib/cli-options.js":"./lib/cli-options.js","./package.json":"./package.json"},scripts:{"dts-check":"tsc --project tests/types/tsconfig.json",lint:"standard",pretest:"npm run lint && npm run dts-check",test:"tap run --allow-empty-coverage --disable-coverage --timeout=60000","test:coverage":"tap run --show-full-coverage --timeout=60000 --coverage-report=lcov",prerelease:"npm test",release:"standard-version"},repository:{type:"git",url:"git://github.com/motdotla/dotenv.git"},homepage:"https://github.com/motdotla/dotenv#readme",funding:"https://dotenvx.com",keywords:["dotenv","env",".env","environment","variables","config","settings"],readmeFilename:"README.md",license:"BSD-2-Clause",devDependencies:{"@types/node":"^18.11.3",decache:"^4.6.2",sinon:"^14.0.1",standard:"^17.0.0","standard-version":"^9.5.0",tap:"^19.2.0",typescript:"^4.8.4"},engines:{node:">=12"},browser:{fs:!1}}});var wh=M((dae,Cr --- dist/index.d.ts (bundled) --- import type { ValidationReportFinding } from './helpers/parseValidationReport/parseValidationReport'; import type { CloudFormationStack, InlineAcknowledgement, Issue, IssueGroup, RuleContext, ServiceName } from './types/analysis.types'; /** * Export the CDK Insights aspect for enhanced analysis */ export { CDK_INSIGHTS_ANNOTATION_PREFIX, CDK_INSIGHTS_METADATA_VERSION, 
CDK_INSIGHTS_NAG_FINDING_PREFIX, CdkInsightsAspect, type CdkInsightsAspectOptions, type CdkInsightsLoggerOptions, type CdkInsightsMetadata, type CdkInsightsNagFinding, type ConstructHierarchyEntry, clearCaches, createCdkInsightsAspect, createCdkInsightsLogger, createExtremelyHelpfulConsoleLogger, ExtremelyHelpfulConsoleLogger, getCacheStats, isCdkDebugEnabled, type SensitiveProperty, type SourceLocation, type SourceLocationConfidence, } from './aspects/CdkInsightsAspect'; export { type AiSkippedReason as ScanReportAiSkippedReason, SCAN_REPORT_SCHEMA_VERSION, type ScanDetailResponse, type ScanMetadata, type ScanReport, type ScanReportEnvelope, type ScanReportFinding, type ScanReportResource, type ScanReportSchemaVersion, type ScanReportSourceLocation, type ScanReportStack, type ScanTotals, type Severity as ScanReportSeverity, type SeverityCounts as ScanReportSeverityCounts, type WAFPillar as ScanReportWAFPillar, type WAFPillarCounts as ScanReportWAFPillarCounts, } from './types/scanReport.types'; export { CdkInsightsPolicyValidationPlugin, type CdkInsightsPolicyValidationPluginOptions, createCdkInsightsPolicyValidationPlugin, type PolicyValidationContext, type PolicyValidationPluginReport, type PolicyViolatingResource, type PolicyViolation, } from './validation/CdkInsightsPolicyValidationPlugin'; type Tier = 'free' | 'pro'; type CacheConfig = { enabled: boolean; ttl: number; maxSize: number; }; type QuotaValidation = { canRunStaticAnalysis: boolean; canRunAIAnalysis: boolean; quota: { isTrial: boolean; currentResourcesAnalyzed: number; maxResources: numb --- dist/index.js (bundled) --- "use strict";var KC=Object.create;var Ai=Object.defineProperty;var VC=Object.getOwnPropertyDescriptor;var ZC=Object.getOwnPropertyNames;var YC=Object.getPrototypeOf,JC=Object.prototype.hasOwnProperty;var ep=(e,t)=>()=>(e&&(t=e(e=0)),t);var T=(e,t)=>()=>(t||e((t={exports:{}}).exports,t),t.exports),xi=(e,t)=>{for(var s in t)Ai(e,s,{get:t[s],enumerable:!0})},tp=(e,t,s,n)=>{if(t&&typeof 
t=="object"||typeof t=="function")for(let r of ZC(t))!JC.call(e,r)&&r!==s&&Ai(e,r,{get:()=>t[r],enumerable:!(n=VC(t,r))||n.enumerable});return e};var Z=(e,t,s)=>(s=e!=null?KC(YC(e)):{},tp(t||!e||!e.__esModule?Ai(s,"default",{value:e,enumerable:!0}):s,e)),Fa=e=>tp(Ai({},"__esModule",{value:!0}),e);var gp=T((D2,fp)=>{var mp=require("stream").Stream,JA=require("util");fp.exports=Gt;function Gt(){this.source=null,this.dataSize=0,this.maxDataSize=1024*1024,this.pauseStream=!0,this._maxDataSizeExceeded=!1,this._released=!1,this._bufferedEvents=[]}JA.inherits(Gt,mp);Gt.create=function(e,t){var s=new this;t=t||{};for(var n in t)s[n]=t[n];s.source=e;var r=e.emit;return e.emit=function(){return s._handleEmit(arguments),r.apply(e,arguments)},e.on("error",function(){}),s.pauseStream&&e.pause(),s};Object.defineProperty(Gt.prototype,"readable",{configurable:!0,enumerable:!0,get:function(){return this.source.readable}});Gt.prototype.setEncoding=function(){return this.source.setEncoding.apply(this.source,arguments)};Gt.prototype.resume=function(){this._released||this.release(),this.source.resume()};Gt.prototype.pause=function(){this.source.pause()};Gt.prototype.release=function(){this._released=!0,this._bufferedEvents.forEach(function(e){this.emit.apply(this,e)}.bind(this)),this._bufferedEvents=[]};Gt.prototype.pipe=function(){var e=mp.prototype.pipe.apply(this,arguments);return this.resume(),e};Gt.prototype._handleEmit=function(e){if(this._released){this.emit.apply(this,e);return}e[0]==="data"&&(this.dataSize+=e[1].length,this._checkIfMaxDataSizeExceeded()),this._bufferedEvents.push(e)};Gt.prototype._c --- dist/validation/CdkInsightsPolicyValidationPlugin.d.ts (bundled) --- import type { CustomRuleDefinition } from '../rules/customRules.types'; import type { ServiceName, Severity } from '../types/analysis.types'; export interface PolicyViolatingResource { readonly resourceLogicalId: string; readonly locations: string[]; readonly templatePath: string; } export interface 
PolicyViolation { readonly ruleName: string; readonly description: string; readonly violatingResources: PolicyViolatingResource[]; readonly fix?: string; readonly severity?: string; readonly ruleMetadata?: { readonly [key: string]: string; }; } export interface PolicyValidationPluginReport { readonly violations: PolicyViolation[]; readonly success: boolean; readonly pluginVersion?: string; readonly metadata?: { readonly [key: string]: string; }; } export interface PolicyValidationContext { readonly templatePaths: string[]; } export interface CdkInsightsPolicyValidationPluginOptions { /** Restrict checks to these AWS services. Defaults to all services. */ readonly selectedServices?: ServiceName[]; /** Drop violations below this severity. Defaults to LOW (no filter). */ readonly minimumSeverity?: Severity; /** Reported back to CDK for analytics; arbitrary semver string. */ readonly version?: string; /** User-defined custom rules to evaluate alongside built-ins. */ readonly customRules?: CustomRuleDefinition[]; /** * Skip reading `.cdk-insights.json` from the project root. Defaults to * `false` — the plugin honours the same `ignoreRules` / `ignorePaths` the * `cdk-insights scan` command does, so plugin and CLI agree on what's a * finding. Set to `true` to opt out of project-config suppression. */ readonly ignoreProjectConfig?: boolean; /** * Skip reading
