// npm package
@antv/gi-cli
the create CLI tool for G6VP assets
weekly
55
monthly
195
versions
19
maintainers
51
license
MIT
first publish
2022-11-25
publisher
kn9117
tarball
54,292 B
AUTO-PUBLISHED·1 version indexed·latest published 2024-01-03
// publisher campaignby kn9117
4 caught packages from this accountThis is not an isolated catch. The same publisher has shipped 3 other packages that our pipeline flagged — the shape of a coordinated campaign, not a one-off. Each link below opens that sibling's analysis.
// offending code· @1.2.11· no static-pattern hits
llm: benign · 0.85→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).
- @1.2.11··AUTO-PUBLISHED·publisher: kn9117heuristic 75/100static flags 0llm benign (0.85) via ollamamature-packageosv-flagged:MAL-2026-4011
→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).
// offending code· no static-pattern hits
--- package.json (entry) --- { "name": "@antv/gi-cli", "version": "1.2.11", "description": "the create CLI tool for G6VP assets", "main": "dist/index.js", "types": "dist/index.d.ts", "bin": { "gi-create": "./bin/gi-create.js" }, "scripts": { "dev": "father dev", "build": "father build", "build:deps": "father prebundle", "sync": "tnpm sync @antv/gi-cli" }, "keywords": [], "authors": [ "yang" ], "license": "MIT", "files": [ "dist", "templates" ], "publishConfig": { "access": "public" }, "dependencies": { "@umijs/utils": "^3.5.41" }, "devDependencies": { "father": "^4.0.7" }, "repository": { "type": "git", "url": "https://github.com/antvis/G6VP" }, "homepage": "https://github.com/antvis/G6VP#readme" } --- bundled output (OSV-MAL flagged — LLM scope expansion) --- --- dist/cli.d.ts (bundled) --- export {}; --- dist/cli.js (bundled) --- // src/cli.ts var import_utils = require("@umijs/utils"); var import_path = require("path"); var args = (0, import_utils.yParser)(process.argv.slice(2), { alias: { version: ["v"], help: ["h"] }, boolean: ["version"] }); var cwd = process.cwd(); var [name] = args._; var target = name ? (0, import_path.join)(cwd, name) : cwd; var questions = [ { name: "name", type: "text", message: `Input NPM package name (eg: gi-assets-xxx)` }, { name: "description", type: "text", message: `Input project description` }, { name: "author", type: "text", message: `Input project author (Name <email@example.com>)` } ]; var generator = new import_utils.BaseGenerator({ path: (0, import_path.join)(__dirname, `../templates`), target, data: { version: "^1.1.0" }, questions }); (async function() { await generator.run(); })(); --- bin/gi-create.js (bundled) --- #!/usr/bin/env node process.env.FS_LOGGER = 'none'; require('../dist/cli');