// npm package

@antv/dipper-map

在线 Demo 地址: https://antv.vision/DipperMap/demo

npmjs.com tarball

versions

maintainers

first publish

2021-11-09

publisher

yanxiong

tarball

10,383,420 B

AUTO-PUBLISHED·1 version indexed·latest published 2022-03-02

// exfil path

what is read → where it ships

steals

○ shell history
○ system info

sends to

(no destination string extracted — payload may be dynamic / obfuscated)

evidence in excerpt

> (function(e){var t={};function n(r){if(t[r])return t[r].exports;var o=t[r]={i:r,l:!1,exports:{}};return e[r].call(o.exports,o,o.exports,n),o.l=!0,o.exports}n.m=e,n.c=t,n.d=function(e,t,r){n.o(e,t)||Ob…

→ view full payload

// publisher campaignby yanxiong

6 caught packages from this account

This is not an isolated catch. The same publisher has shipped 5 other packages that our pipeline flagged — the shape of a coordinated campaign, not a one-off. Each link below opens that sibling's analysis.

// offending code· @1.0.10· 3 files flagged

llm: benign · 0.85

→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s), 1 other host(s).

@1.0.10·2022-03-02·AUTO-PUBLISHED·publisher: yanxiong

heuristic 75/100

static flags 5

llm benign (0.85) via ollama

mature-packageosv-flagged:MAL-2026-3872install-path-npm-publishreads-env-varsreads-shell-historyreads-system-infochild-process-spawn

→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s), 1 other host(s).

// offending code· 3 files flaggedpatterns: 5

--- package/package.json (excerpt) ---
{
  "name": "@antv/dipper-map",
  "version": "1.0.10",
  "scripts": {
    "start": "dumi dev",
    "docs:build": "dumi build",
    "docs:deploy": "gh-pages -d docs-dist",
    "lint": "eslint --ext .ts,.tsx src",
    "build": "father-build",
    "deploy": "npm run docs:build && npm run docs:deploy",
    "release": "npm run build && npm publish",
    "prettier": "prettier --write \"**/*.{js,jsx,tsx,ts,less,md,json}\"",
    "test": "umi-test",
    "test:coverage": "umi-test --coverage"
  },
  "main": "dist/index.js",
  "module": "dist/index.esm.js",
  "typings": "dist/index.d.ts",
  "gitHooks": {
    "pre-commit": "lint-staged"
  },
  "lint-staged": {
    "*.{js,jsx,less,md,json}": [
      "prettier --write"
    ],
    "*.ts?(x)": [
      "prettier --parser=typescript --write"
    ]
  },
  "dependencies": {
    "@antv/l7": "^2.6.1",
    "@antv/l7-maps": "^2.6.1",
    "@antv/l7-react": "^2.3.9",
    "@turf/turf": "^6.5.0",
    "ahooks": "^2.10.12",
    "classnames": "^2.3.1",
    "dayjs": "^1.10.7",
    "download.js": "^1.0.0",
    "fast-deep-equal": "^3.1.3",
    "h3-js": "^3.7.2",
    "idb-kv-store": "^4.5.0",
    "lodash": "^4.17.21",
    "md5": "^2.3.0",
    "papaparse": "^5.3.1",
    "react-beautiful-dnd": "^13.1.0",
    "react-color": "^2.19.3",
    "umi-request": "^1.4.0",
    "uuid": "^8.3.2"
  },
  "devDependencies": {
    "@types/lodash": "^4.14.176",
    "@types/md5": "^2.3.1",
    "@types/papaparse": "^5.3.0",
    "@types/react-beautiful-dnd": "^13.1.2",
    "@types/r

--- package/src/.umi/umi.ts (excerpt) ---
// @ts-nocheck
import './core/polyfill';
import '@@/core/devScripts';
import { plugin } from './core/plugin';
import './core/pluginRegister';
import { createHistory } from './core/history';
import { ApplyPluginsType } from '/Users/yanxiong/Desktop/dipper-view/node_modules/_@umijs_runtime@3.5.20@@umijs/runtime';
import { renderClient } from '/Users/yanxiong/Desktop/dipper-view/node_modules/_@umijs_renderer-react@3.5.20@@umijs/renderer-react';
import { getRoutes } from './core/routes';




const getClientRender = (args: { hot?: boolean; routes?: any[] } = {}) => plugin.applyPlugins({
  key: 'render',
  type: ApplyPluginsType.compose,
  initialValue: () => {
    const opts = plugin.applyPlugins({
      key: 'modifyClientRenderOpts',
      type: ApplyPluginsType.modify,
      initialValue: {
        routes: args.routes || getRoutes(),
        plugin,
        history: createHistory(args.hot),
        isServer: process.env.__IS_SERVER,
        rootElement: 'root',
        defaultTitle: `Dipper-Map`,
      },
    });
    return renderClient(opts);
  },
  args,
});

const clientRender = getClientRender();
export default clientRender();


    window.g_umi = {
      version: '3.5.20',
    };
  

// hot module replacement
// @ts-ignore
if (module.hot) {
  // @ts-ignore
  module.hot.accept('./core/routes', () => {
    const ret = require('./core/routes');
    if (ret.then) {
      ret.then(({ getRoutes }) => {
        getClientRender({ hot: true, routes: getRoutes() })();
      });
    }

--- package/docs-dist/umi.235c8e7a.js (excerpt) ---
(function(e){var t={};function n(r){if(t[r])return t[r].exports;var o=t[r]={i:r,l:!1,exports:{}};return e[r].call(o.exports,o,o.exports,n),o.l=!0,o.exports}n.m=e,n.c=t,n.d=function(e,t,r){n.o(e,t)||Object.defineProperty(e,t,{enumerable:!0,get:r})},n.r=function(e){"undefined"!==typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},n.t=function(e,t){if(1&t&&(e=n(e)),8&t)return e;if(4&t&&"object"===typeof e&&e&&e.__esModule)return e;var r=Object.create(null);if(n.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var o in e)n.d(r,o,function(t){return e[t]}.bind(null,o));return r},n.n=function(e){var t=e&&e.__esModule?function(){return e["default"]}:function(){return e};return n.d(t,"a",t),t},n.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},n.p="/DipperMap/",n(n.s=0)})({"+3Ak":function(e,t,n){var r=n("HIsA");r({target:"Math",stat:!0},{DEG_PER_RAD:Math.PI/180})},"+3y3":function(e,t,n){"use strict";var r=n("HIsA"),o=n("PaPB"),i=n("t0cd"),a="Invalid number representation",u="Invalid radix",c=/^[\da-z]+$/;r({target:"Number",stat:!0},{fromString:function(e,t){var n,r,l=1;if("string"!=typeof e)throw TypeError(a);if(!e.length)throw SyntaxError(a);if("-"==e.charAt(0)&&(l=-1,e=e.slice(1),!e.length))throw SyntaxError(a);if(n=void 0===t?10:o(t),n<2||n>36)throw RangeError(u);if(!c.test(e)||(r=i(e,n)).toString(n)!==e)throw SyntaxError(a);retur

--- bundled output (OSV-MAL flagged — LLM scope expansion) ---

--- dist/index.d.ts (bundled) ---
import React from 'react';
import { IGlobalProps } from './typings';
declare const DipperMap: React.FC<IGlobalProps>;
export default DipperMap;


--- dist/index.esm.js (bundled) ---
import React, { createContext, useMemo, useCallback, useState, useContext, useEffect, forwardRef, createElement, memo, useRef } from 'react';
import { AMapScene, MapboxScene, PointLayer as PointLayer$1, LineLayer as LineLayer$1, PolygonLayer as PolygonLayer$1, HeatmapLayer, LayerEvent, Popup } from '@antv/l7-react';
import { useLocalStorageState, useKeyPress, useDebounceEffect, useThrottleFn, useMount } from 'ahooks';
import { Popover, Input, Slider, Divider, Button, Modal, Menu, Tooltip, message, Checkbox, Form, Upload, Dropdown, Radio, Row, Col, Tag, Tabs, Drawer, Table, Popconfirm, Empty, Spin, Select, InputNumber, Switch, Collapse, ConfigProvider } from 'antd';
import classnames from 'classnames';
import md5 from 'md5';
import IdbKvStore from 'idb-kv-store';
import { isEqual, groupBy, pullAll, cloneDeep, debounce, merge } from 'lodash';
import { v4 } from 'uuid';
import { downloadUrl, downloadText } from 'download.js';
import dayjs from 'dayjs';
import papaparse from 'papaparse';
import request from 'umi-request';
import { featureCollection, point, lineString, polygon } from '@turf/turf';
import { DragDropContext, Droppable, Draggable } from 'react-beautiful-dnd';
import { SketchPicker } from 'react-color';
import { h3ToGeoBoundary } from 'h3-js';
import zhCN from 'antd/lib/locale/zh_CN';

function ownKeys(object, enumerableOnly) {
  var keys = Object.keys(object);

  if (Object.getOwnPropertySymbols) {
    var symbols = Object.getOwnPropertySymbols(object);

    if (enumerableOnly) {
      symbols = symbols.filter(function (sym) {
        return Object.getOwnPropertyDescriptor(object, sym).enumerable;
      });
    }

    keys.push.apply(keys, symbols);
  }

  return keys;
}

function _objectSpread2(target) {
  for (var i = 1; i < arguments.length; i++) {
    var source = arguments[i] != null ? arguments[i] : {};

    if (i % 2) {
      ownKeys(Object(source), true).forEach(function (key) {
        _defineProperty(target, key, source[key]);
      });
    } else

--- dist/index.js (bundled) ---
'use strict';

var React = require('react');
var l7React = require('@antv/l7-react');
var ahooks = require('ahooks');
var antd = require('antd');
var classnames = require('classnames');
var md5 = require('md5');
var IdbKvStore = require('idb-kv-store');
var lodash = require('lodash');
var uuid = require('uuid');
var download_js = require('download.js');
var dayjs = require('dayjs');
var papaparse = require('papaparse');
var request = require('umi-request');
var turf = require('@turf/turf');
var reactBeautifulDnd = require('react-beautiful-dnd');
var reactColor = require('react-color');
var h3Js = require('h3-js');
var zhCN = require('antd/lib/locale/zh_CN');

function _interopDefaultLegacy (e) { return e && typeof e === 'object' && 'default' in e ? e : { 'default': e }; }

var React__default = /*#__PURE__*/_interopDefaultLegacy(React);
var classnames__default = /*#__PURE__*/_interopDefaultLegacy(classnames);
var md5__default = /*#__PURE__*/_interopDefaultLegacy(md5);
var IdbKvStore__default = /*#__PURE__*/_interopDefaultLegacy(IdbKvStore);
var dayjs__default = /*#__PURE__*/_interopDefaultLegacy(dayjs);
var papaparse__default = /*#__PURE__*/_interopDefaultLegacy(papaparse);
var request__default = /*#__PURE__*/_interopDefaultLegacy(request);
var zhCN__default = /*#__PURE__*/_interopDefaultLegacy(zhCN);

function ownKeys(object, enumerableOnly) {
  var keys = Object.keys(object);

  if (Object.getOwnPropertySymbols) {
    var symbols = Object.getOwnPropertySymbols(object);

    if (enumerableOnly) {
      symbols = symbols.filter(function (sym) {
        return Object.getOwnPropertyDescriptor(object, sym).enumerable;
      });
    }

    keys.push.apply(keys, symbols);
  }

  return keys;
}

function _objectSpread2(target) {
  for (var i = 1; i < arguments.length; i++) {
    var source = arguments[i] != null ? arguments[i] : {};

    if (i % 2) {
      ownKeys(Object(source), true).forEach(function (key) {
        _defineProperty(target, key, source[key]);
      });
  

--- dist/utils/filter.d.ts (bundled) ---
import type { IDataset, IFilter } from '../typings';
export declare const filterData: (dataset: IDataset, filters: IFilter[]) => Promise<any[]>;


--- dist/utils/format.d.ts (bundled) ---
declare const trim: (str: string) => string;
declare const formatDateTime: (time: number | string) => string;
export { trim, formatDateTime };


--- dist/utils/index.d.ts (bundled) ---
export * from './filter';
export * from './format';
export * from './indexdb';
export * from './tools';


--- dist/utils/indexdb.d.ts (bundled) ---
export declare type STORE_KEY_TYPE = 'DATASET_LIST' | 'LAYER_LIST' | 'FILTER_LIST' | 'INTERACTIVE_LIST' | 'FILTERED_DATASET' | 'PLAN_LIST' | 'SELECT_PLAN_ID';
export declare function getDBStore<P = any>(key: STORE_KEY_TYPE): Promise<P>;
export declare function setDBStore<P = any>(key: STORE_KEY_TYPE, value: P): any;


--- dist/utils/tools.d.ts (bundled) ---
import { IEntity } from '../typings';
/**
 * 获取随机的id
 * @param prefix id前缀
 */
export declare const getRandomId: (prefix?: string) => string;
/**
 * 获取元素到page左上角的像素值
 * @param element
 */
export declare const getRealOffsetTop: (element: Element) => any;
/**
 * 生成以length结尾的唯一名称
 * @param list
 * @param field
 * @param prefix
 */
export declare function generateUnRepeatValue<P, T>(list: P[], field: keyof P, prefix?: string): T;
/**
 * 根据datasetId筛选
 * @param list
 * @param datasetId
 */
export declare const filterByDatasetId: <P extends IEntity>(list: P[], datasetId?: string | null | undefined) => P[];
export declare const getFilterRange: (range: [number, number]) => [number, number];
export declare const downloadFile: (content: string, fileName?: string, isUrl?: boolean) => void;


--- dist/utils/lineBundle/algorithm.d.ts (bundled) ---
export default function (): () => any[];


--- dist/utils/lineBundle/index.d.ts (bundled) ---
declare const bundle: (data: {
    start: [number, number];
    end: [number, number];
}[], compatibility?: number, stepSize?: number | undefined) => any;
export default bundle;


--- dist/typings/common.d.ts (bundled) ---
export interface IEntity {
    id: string;
    name: string;
    order: number;
    createTime: number;
    datasetId?: string | null;
}
export interface IOption<P = string> {
    label: string;
    value: P;
    [key: string]: any;
}
export declare type DeepPartial<T> = {
    [U in keyof T]?: T[U] extends object ? DeepPartial<T[U]> : T[U];
};


--- dist/typings/dataset.d.ts (bundled) ---
import type { IEntity } from './common';
import { Feature } from '@turf/turf';
import { ILayerType } from './layer';
export declare type IDatasetFieldType = 'string' | 'number' | 'boolean';
export interface IDatasetStringField<T = string> {
    type: 'string';
    name: T | string;
    values: string[];
    uniqueValues: string[];
    range?: [number, number];
}
export interface IDatasetNumberField<T = string> {
    type: 'number';
    name: T | string;
    values: number[];
    uniqueValues: number[];
    range: [number, number];
}
export declare type IDatasetDownloadType = 'json' | 'csv';
export interface IDatasetBooleanField<T = string> {
    type: 'boolean';
    name: T | string;
}
export declare type IDatasetField<T = string> = IDatasetStringField<T> | IDatasetBooleanField<T> | IDatasetNumberField<T>;
export declare type IDatasetGeoJsonMap = Partial<{
    [key in ILayerType]: Feature[];
}>;
export interface IDatasetGeoJson {
    enable: boolean;
    map: IDatasetGeoJsonMap;
    layerTypes: ILayerType[];
}
export interface IExportDataset {
    src: string;
    datasetId: string;
    name: string;
}
export interface IDataset<P = Record<string, any>> extends IEntity {