// npm package
@antv/gi-assets-galaxybase
Galaxybase 团队的图分析资产包
weekly
55
monthly
260
versions
22
maintainers
51
first publish
2023-04-19
publisher
iaaron
tarball
1,332,693 B
AUTO-PUBLISHED·1 version indexed·latest published 2024-08-06
// publisher campaignby iaaron
9 caught packages from this accountThis is not an isolated catch. The same publisher has shipped 8 other packages that our pipeline flagged — the shape of a coordinated campaign, not a one-off. Each link below opens that sibling's analysis.
// offending code· @1.2.15· 2 files flagged
llm: benign · 0.85→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s), 1 other host(s).
- @1.2.15··AUTO-PUBLISHED·publisher: iaaronheuristic 75/100static flags 1llm benign (0.85) via ollamamature-packageosv-flagged:MAL-2026-4002long-base64-literal
→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s), 1 other host(s).
// offending code· 2 files flaggedpatterns: 1
--- package/lib/services/GraphService.js (excerpt) --- "use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.queryVertexLabelCount = exports.querySubGraphList = exports.queryGraphSchema = exports.encryp = exports.connectGalaxybaseDataSource = void 0; var _giSdk = require("@antv/gi-sdk"); var _umiRequest = _interopRequireDefault(require("umi-request")); var _nodeRsa = _interopRequireDefault(require("node-rsa")); var _qs = _interopRequireDefault(require("qs")); var _i18n = _interopRequireDefault(require("../i18n")); function _interopRequireDefault(e) { return e && e.__esModule ? e : { default: e }; } function _typeof(o) { "@babel/helpers - typeof"; return _typeof = "function" == typeof Symbol && "symbol" == typeof Symbol.iterator ? function (o) { return typeof o; } : function (o) { return o && "function" == typeof Symbol && o.constructor === Symbol && o !== Symbol.prototype ? "symbol" : typeof o; }, _typeof(o); } function _regeneratorRuntime() { "use strict"; /*! regenerator-runtime -- Copyright (c) 2014-present, Facebook, Inc. -- license (MIT): https://github.com/facebook/regenerator/blob/main/LICENSE */ _regeneratorRuntime = function _regeneratorRuntime() { return e; }; var t, e = {}, r = Object.prototype, n = r.hasOwnProperty, o = Object.defineProperty || function (t, e, r) { t[e] = r.value; }, i = "function" == typeof Symbol ? Symbol : {}, a = i.iterator || "@@iterator", c = i.asyncIterator || "@@asyncIterator", u = i.toStringTag || "@@toStringTag"; function define(t, e, r) { return Object.defi --- package/es/services/GraphService.js (excerpt) --- function _typeof(o) { "@babel/helpers - typeof"; return _typeof = "function" == typeof Symbol && "symbol" == typeof Symbol.iterator ? function (o) { return typeof o; } : function (o) { return o && "function" == typeof Symbol && o.constructor === Symbol && o !== Symbol.prototype ? "symbol" : typeof o; }, _typeof(o); } function _regeneratorRuntime() { "use strict"; /*! regenerator-runtime -- Copyright (c) 2014-present, Facebook, Inc. -- license (MIT): https://github.com/facebook/regenerator/blob/main/LICENSE */ _regeneratorRuntime = function _regeneratorRuntime() { return e; }; var t, e = {}, r = Object.prototype, n = r.hasOwnProperty, o = Object.defineProperty || function (t, e, r) { t[e] = r.value; }, i = "function" == typeof Symbol ? Symbol : {}, a = i.iterator || "@@iterator", c = i.asyncIterator || "@@asyncIterator", u = i.toStringTag || "@@toStringTag"; function define(t, e, r) { return Object.defineProperty(t, e, { value: r, enumerable: !0, configurable: !0, writable: !0 }), t[e]; } try { define({}, ""); } catch (t) { define = function define(t, e, r) { return t[e] = r; }; } function wrap(t, e, r, n) { var i = e && e.prototype instanceof Generator ? e : Generator, a = Object.create(i.prototype), c = new Context(n || []); return o(a, "_invoke", { value: makeInvokeMethod(t, r, c) }), a; } function tryCatch(t, e, r) { try { return { type: "normal", arg: t.call(e, r) }; } catch (t) { return { type: "throw", arg: t }; } } e.wrap = wrap; var h = "suspendedStart", l = "suspende --- bundled output (OSV-MAL flagged — LLM scope expansion) --- --- dist/index.min.js (bundled) --- /*! For license information please see index.min.js.LICENSE.txt */ !function(e,t){"object"==typeof exports&&"object"==typeof module?module.exports=t(require("GISDK"),require("Graphin"),require("React"),require("antd")):"function"==typeof define&&define.amd?define(["GISDK","Graphin","React","antd"],t):"object"==typeof exports?exports.GI_ASSETS_GALAXYBASE=t(require("GISDK"),require("Graphin"),require("React"),require("antd")):e.GI_ASSETS_GALAXYBASE=t(e.GISDK,e.Graphin,e.React,e.antd)}(self,((e,t,r,n)=>(()=>{var i={3722:(e,t,r)=>{"use strict";Object.defineProperty(t,"__esModule",{value:!0}),t.get=a,t.set=o,t.getJSON=f,t.remove=s,t.default=void 0;var n,i=function(e){if(e&&e.__esModule)return e;var t={};if(null!=e)for(var r in e)if(Object.prototype.hasOwnProperty.call(e,r)){var n=Object.defineProperty&&Object.getOwnPropertyDescriptor?Object.getOwnPropertyDescriptor(e,r):{};n.get||n.set?Object.defineProperty(t,r,n):t[r]=e[r]}return t.default=e,t}(r(9836));function o(e,t){var r=arguments.length>2&&void 0!==arguments[2]?arguments[2]:{},n=r.path,i=void 0===n?"/":n,o=r.domain,a=r.expires,s=r.maxAge,f=void 0===s?1512e3:s,c=r.secure,u=r.sameSite;if(e){t=encodeURIComponent(String(t)).replace(/%(23|24|26|2B|3A|3C|3E|3D|2F|3F|40|5B|5D|5E|60|7B|7D|7C)/g,decodeURIComponent),e=(e=(e=encodeURIComponent(String(e))).replace(/%(23|24|26|2B|5E|60|7C)/g,decodeURIComponent)).replace(/[()]/g,escape);var h=[];i&&h.push("path=".concat(i)),o&&h.push("domain=".concat(o)),a&&h.push("expires=".concat(a)),f&&h.push("max-age=".concat(f)),c&&h.push("secure"),u&&h.push("samesite=".concat(u)),document.cookie="".concat(e,"=").concat(t,";").concat(h.join(";"))}}function a(e){for(var t=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{},r=e?void 0:{},n=document.cookie?document.cookie.split("; "):[],i=/(%[0-9A-Z]{2})+/g,o=0;o<n.length;o++){var a=n[o].split("="),s=a.slice(1).join("=");t.json||'"'!==s.charAt(0)||(s=s.slice(1,-1));try{var f=a[0].replace(i,decodeURIComponent);if(s=s.replace(i,decodeURICo