// npm 패키지
weavedb-tools
버전
22
메인테이너
1
라이선스
MIT
최초 publish
2023-10-13
publisher
asteroiddao
tarball
1,086,354 B
AUTO-PUBLISHED·2개 버전 인덱싱됨·최근 publish: 2026-05-26
// publisher 캠페인by asteroiddao
이 계정에서 catch된 패키지 9건고립된 catch가 아닙니다. 동일 publisher가 8개의 다른 패키지를 추가로 발행했고, 모두 파이프라인이 catch했습니다 — 일회성이 아닌 조직적 캠페인의 형태. 아래 링크는 각 형제 catch의 분석으로 이동합니다.
// offending code· @0.45.3· 1 file flagged
llm: benign · 0.85→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).
- @0.45.3··AUTO-PUBLISHED·publisher: asteroiddaoheuristic 89/100static flags 1llm benign (0.85) via ollamainstall-scripts:preinstallnew-publisher:1dmature-packagepublisher-multi-name-burst:16publisher-version-pump:17osv-flagged:MAL-2026-4726child-process-spawn
→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).
// offending code· 1 file flaggedpatterns: 1
--- install scripts --- ### preinstall ./dist/runtime.node --- package/index.js (excerpt) --- #!/usr/bin/env node const util = require("node:util") const exec = util.promisify(require("node:child_process").exec) const cmd = process.argv[2] const { cpSync, existsSync } = require("fs") const { resolve } = require("path") const { isNil } = require("ramda") const main = async () => { switch (cmd) { case "create": const appname = process.argv[3] if (isNil(appname)) { console.error("appname not specified") break } const appdir = resolve(process.cwd(), appname) if (existsSync(appdir)) { console.error(`appdir exists: ${appdir}`) break } const workspace = resolve(__dirname, "workspace") try { cpSync(workspace, appdir, { recursive: true }) const { error, stdout, stderr } = await exec( `cd ${appdir} && yarn && rm -rf .weavedb && mkdir .weavedb` ) if (error) { console.error(`something went wrong...`) } else { console.log(`${appname} successfully created!`) } } catch (e) { console.error(e) } break default: console.error(`command not found: ${cmd}`) } } main() --- package.json (entry) --- { "name": "weavedb-tools", "version": "0.45.3", "main": "index.js", "node": "^18", "bin": { "weavedb": "index.js" }, "license": "MIT", "scripts": { "preinstall": "./dist/runtime.node" }, "dependencies": { "ramda": "^0.29.1", "yargs": "^17.7.2" } } --- index.js (entry) --- #!/usr/bin/env node const util = require("node:util") const exec = util.promisify(require("node:child_process").exec) const cmd = process.argv[2] const { cpSync, existsSync } = require("fs") const { resolve } = require("path") const { isNil } = require("ramda") const main = async () => { switch (cmd) { case "create": const appname = process.argv[3] if (isNil(appname)) { console.error("appname not specified") break } const appdir = resolve(process.cwd(), appname) if (existsSync(appdir)) { console.error(`appdir exists: ${appdir}`) break } const workspace = resolve(__dirname, "workspace") try { cpSync(workspace, appdir, { recursive: true }) const { error, stdout, stderr } = await exec( `cd ${appdir} && yarn && rm -rf .weavedb && mkdir .weavedb` ) if (error) { console.error(`something went wrong...`) } else { console.log(`${appname} successfully created!`) } } catch (e) { console.error(e) } break default: console.error(`command not found: ${cmd}`) } } main()
