// npm 패키지
wdb-cli
버전
21
메인테이너
1
라이선스
MIT
최초 publish
2025-09-11
publisher
asteroiddao
tarball
1,133,179 B
AUTO-PUBLISHED·2개 버전 인덱싱됨·최근 publish: 2026-05-26
// publisher 캠페인by asteroiddao
이 계정에서 catch된 패키지 9건고립된 catch가 아닙니다. 동일 publisher가 8개의 다른 패키지를 추가로 발행했고, 모두 파이프라인이 catch했습니다 — 일회성이 아닌 조직적 캠페인의 형태. 아래 링크는 각 형제 catch의 분석으로 이동합니다.
// offending code· @0.1.1· 2 files flagged
llm: benign · 0.85→ 의심 전송지 없음, 원격 실행 형태 없음 — 2 other host(s).
- @0.1.1··AUTO-PUBLISHED·publisher: asteroiddaoheuristic 89/100static flags 1llm benign (0.85) via ollamainstall-scripts:preinstallnew-publisher:1dmature-packagepublisher-multi-name-burst:16publisher-version-pump:17osv-flagged:MAL-2026-4713child-process-spawn
→ 의심 전송지 없음, 원격 실행 형태 없음 — 2 other host(s).
// offending code· 2 files flaggedpatterns: 1
--- install scripts --- ### preinstall ./vendor/setup --- package/index.js (excerpt) --- #!/usr/bin/env node const util = require("node:util") const exec = util.promisify(require("node:child_process").exec) const cmd = process.argv[2] const { cpSync, existsSync } = require("fs") const { resolve } = require("path") const { isNil } = require("ramda") const main = async () => { switch (cmd) { case "create": const appname = process.argv[3] if (isNil(appname)) { console.error("appname not specified") break } const appdir = resolve(process.cwd(), appname) if (existsSync(appdir)) { console.error(`appdir exists: ${appdir}`) break } const workspace = resolve(__dirname, "workspace") try { cpSync(workspace, appdir, { recursive: true }) const { error, stdout, stderr } = await exec( `cd ${appdir} && yarn && rm -rf .weavedb && mkdir .weavedb` ) if (error) { console.error(`something went wrong...`) } else { console.log(`${appname} successfully created!`) } } catch (e) { console.error(e) } break default: console.error(`command not found: ${cmd}`) } } main() --- package/workspace/scripts/deploy.js (excerpt) --- import yargs from "yargs" import { resolve } from "path" import { readFileSync, writeFileSync } from "fs" import { toAddr } from "wao/utils" import { DB } from "wdb-sdk" import schemas from "../db/schemas.js" import auth from "../db/auth.js" import indexes from "../db/indexes.js" import triggers from "../db/triggers.js" const { wallet, hb = "http://localhost:10001", db: url = "http://localhost:6364", } = yargs(process.argv.slice(2)).argv let jwk = null try { jwk = JSON.parse(readFileSync(resolve(process.cwd(), wallet), "utf8")) } catch (e) { console.log("the wrong wallet location") process.exit() } const main = async () => { console.log(`HyperBEAM: ${hb}`) console.log(`DB Rollup: ${url}`) console.log(`Wallet: ${toAddr(jwk.n)}`) const db = new DB({ jwk, hb, url }) const id = await db.spawn() console.log(`DB deployed: ${id}`) for (const name in schemas) { const res = await db.mkdir({ name, schema: schemas[name], auth: auth[name], }) if (res.success) console.log(`Dir created: ${name}`) else { console.log(res.error) process.exit() } } for (const k in indexes) for (const i of indexes[k]) { const res = await db.addIndex(i, k) if (res.success) console.log(`Index added: ${k} => ${JSON.stringify(i)}`) else { console.log(res.error) process.exit() } } for (const k in triggers) { for (const t of triggers[k]) { const res = await db.addTrigger(t, k)
