// npm package
@adminforth/completion-adapter-openai-responses
AdminForth completion adapter for the OpenAI Responses API.
weekly
313
monthly
585
versions
9
maintainers
6
license
MIT
first publish
2026-04-23
publisher
vanbrosh
tarball
60,207 B
AUTO-PUBLISHED·1 version indexed·latest published 2026-06-05
// exfil path
what is read → where it ships
steals
- ● AI API keys
- ● Slack tokens
sends to
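(no destination string extracted — payload may be dynamic / obfuscated)
With no destination identified, the two "steals" entries above appear to rest on static matches for key and token names rather than on an observed outbound transfer. The evidence lines quoted below are package metadata and documentation comments, so verify against the full tarball before treating this as exfiltration.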
evidence in excerpt
> "homepage": "https://adminforth.dev/docs/tutorial/Adapters/completion-adapter-openai-responses/", > "url": "https://github.com/devforth/adminforth-completion-adapter-openai-responses.git" > "author": "DevForth (https://devforth.io)", > * OpenAI API key. Go to https://platform.openai.com/, go to Dashboard -> API keys -> Create new secret key > * Example: `https://oai.endpoints.kepler.ai.cloud.ovh.net/v1`
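// publisher campaign by vanbrosh
4 caught packages from this account. This is not an isolated catch. The same publisher has shipped 3 other packages that our pipeline flagged — the shape of a coordinated campaign, not a one-off. Each link below opens that sibling's analysis. Note that the package.json excerpt below configures semantic-release, so several automated publishes from one account are also consistent with an ordinary release pipeline; judge the siblings by what their code does rather than by the count.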
// offending code· @1.0.2· 3 files flagged
- @1.0.2 · AUTO-PUBLISHED · publisher: vanbrosh · heuristic 64/100 · static flags 4 · llm skipped · new-publisher:16d · has-source-repo · publisher-multi-name-burst:4 · publisher-version-pump:6 · public-github-push · reads-ai-api-keys · reads-env-vars · reads-slack-tokens
// offending code · 3 files flagged · patterns: 4
--- package/package.json (excerpt) ---
{
  "name": "@adminforth/completion-adapter-openai-responses",
  "version": "1.0.2",
  "main": "dist/index.js",
  "types": "dist/index.d.ts",
  "type": "module",
  "homepage": "https://adminforth.dev/docs/tutorial/Adapters/completion-adapter-openai-responses/",
  "repository": {
    "type": "git",
    "url": "https://github.com/devforth/adminforth-completion-adapter-openai-responses.git"
  },
  "publishConfig": {
    "access": "public"
  },
  "scripts": {
    "build": "tsc"
  },
  "keywords": [],
  "author": "DevForth (https://devforth.io)",
  "license": "MIT",
  "description": "AdminForth completion adapter for the OpenAI Responses API.",
  "devDependencies": {
    "semantic-release": "^24.2.1",
    "semantic-release-slack-bot": "^4.0.2",
    "typescript": "^5.9.3"
  },
  "dependencies": {
    "@langchain/core": "^1.1.41",
    "@langchain/openai": "1.4.4",
    "langchain": "^1.3.4",
    "openai": "^6.42.0",
    "tiktoken": "^1.0.22"
  },
  "peerDependencies": {
    "adminforth": "^2.24.0"
  },
  "release": {
    "plugins": [
      "@semantic-release/commit-analyzer",
      "@semantic-release/release-notes-generator",
      "@semantic-release/npm",
      "@semantic-release/github",
      [
        "semantic-release-slack-bot",
        {
          "packageName": "@adminforth/completion-adapter-openai-responses",
          "notifyOnSuccess": true,
          "notifyOnFail": true,
          "slackIcon": ":package:",
          "markdownReleaseNotes": true
        }
      ]
    ],
--- package/types.ts (excerpt) ---
import type OpenAI from "openai";

/**
 * Extra request-body fields a caller may pass through: any subset of the
 * non-streaming Responses create parameters, with `stream` excluded.
 */
export type AdapterExtraRequestBodyParameters = Partial<
  Omit<OpenAI.Responses.ResponseCreateParamsNonStreaming, "stream">
>;

/**
 * Options object for the adapter. This excerpt is a type declaration only;
 * it contains no code that reads, stores or transmits any of these values.
 */
export interface AdapterOptions {
  /**
   * OpenAI API key. Go to https://platform.openai.com/, go to Dashboard -> API keys -> Create new secret key
   * Paste value in your .env file OPENAI_API_KEY=your_key
   * Set openAiApiKey: process.env.OPENAI_API_KEY to access it
   *
   * NOTE(review): per this comment the caller reads the environment variable
   * and passes the value in; the adapter's own handling of the key is not
   * visible in this excerpt.
   */
  openAiApiKey: string;

  /**
   * Optional OpenAI-compatible base URL. 
   *
   * Example: `https://oai.endpoints.kepler.ai.cloud.ovh.net/v1`
   *
   * NOTE(review): presumably requests, and with them the API key, are sent to
   * this host when it is set — confirm in the implementation, which is not
   * part of this excerpt. Only configure a provider trusted with the key.
   */
  baseUrl?: string;

  /**
   * Forces LangChain agent mode to use the Chat Completions API instead of the
   * Responses API.
   *
   * When omitted, the adapter keeps the current default behavior:
   * - official OpenAI uses the Responses API
   * - custom `baseUrl` providers use the Chat Completions API
   *
   * The option name is spelled `useComplitionApi` in the published interface.
   */
  useComplitionApi?: boolean;

  /**
   * Model name. Go to https://platform.openai.com/docs/models, select model and copy name.
   * Default is `gpt-5-nano`.
   */
  model?: string;

  /**
   * Additional request body parameters to include in the API request.
   */
  extraRequestBodyParameters?: AdapterExtraRequestBodyParameters;

  /**
   * Logs the exact JSON body sent to the OpenAI Responses endpoint.
   * Authorization headers are not logged.
   *
   * NOTE(review): the logged body presumably still carries prompt and input
   * content, so the log output should be treated as sensitive — confirm
   * against the implementation.
   */
  dumpRawRequest?: boolean;
}
--- package/.woodpecker/buildSlackNotify.sh (excerpt) ---
#!/bin/sh
# Posts a build-status message to the Slack webhook held in
# $DEVELOPERS_SLACK_WEBHOOK. The first argument is the build status:
# "success" sends a short message; anything else sends ./build.log.
#
# NOTE(review): the values used here are CI_* variables and a webhook variable,
# which looks like a CI notification helper — confirm. The "scripts" block of
# the package.json excerpt above lists only "build", so nothing shown on this
# page invokes this file at install time.

# NOTE(review): xtrace prints each command after expansion, so the curl calls
# below write the expanded webhook URL to the job output unless the CI system
# masks it.
set -x

# First eight characters of the commit hash. The expansion is unquoted.
COMMIT_SHORT_SHA=$(echo $CI_COMMIT_SHA | cut -c1-8)

STATUS=${1}

if [ "$STATUS" = "success" ]; then
  MESSAGE="Did a build without issues on \`$CI_REPO_NAME/$CI_COMMIT_BRANCH\`. 
Commit: _${CI_COMMIT_MESSAGE}_ (<$CI_COMMIT_URL|$COMMIT_SHORT_SHA>)"

  # NOTE(review): the JSON body is assembled by string concatenation. The
  # commit author, avatar URL and commit message are inserted without JSON
  # escaping, so a double quote, backslash or newline in any of them changes
  # or breaks the payload.
  curl -s -X POST -H "Content-Type: application/json" -d '{ "username": "'"$CI_COMMIT_AUTHOR"'", "icon_url": "'"$CI_COMMIT_AUTHOR_AVATAR"'", "attachments": [ { "mrkdwn_in": ["text", "pretext"], "color": "#36a64f", "text": "'"$MESSAGE"'" } ] }' "$DEVELOPERS_SLACK_WEBHOOK"
  exit 0
fi

# Failure path: the whole build log is read and later posted to Slack.
# NOTE(review): anything the build printed, including any secret echoed during
# the build, is forwarded to the channel behind the webhook.
export BUILD_LOG=$(cat ./build.log)

# Only double quotes are escaped here; backslashes and control characters are
# left as they are, and the unquoted echo collapses the log's line breaks.
BUILD_LOG=$(echo $BUILD_LOG | sed 's/"/\\"/g')

MESSAGE="Broke \`$CI_REPO_NAME/$CI_COMMIT_BRANCH\` with commit _${CI_COMMIT_MESSAGE}_ (<$CI_COMMIT_URL|$COMMIT_SHORT_SHA>)"
# The log is wrapped in a Markdown code fence; "\n" stays a literal
# backslash-n in the shell string.
CODE_BLOCK="\`\`\`$BUILD_LOG\n\`\`\`"

echo "Sending slack message to developers $MESSAGE"
# Same concatenated JSON as in the success branch, with the log as the
# attachment text; stderr is merged into stdout.
curl -sS -X POST -H "Content-Type: application/json" -d '{ "username": "'"$CI_COMMIT_AUTHOR"'", "icon_url": "'"$CI_COMMIT_AUTHOR_AVATAR"'", "attachments": [ { "mrkdwn_in": ["text", "pretext"], "color": "#8A1C12", "text": "'"$CODE_BLOCK"'", "pretext": "'"$MESSAGE"'" } ] }' "$DEVELOPERS_SLACK_WEBHOOK" 2>&1
