// npm 패키지
@antv/github-config-cli
CLI for AntV's shared GitHub templates and workflows.
주간
47
월간
92
버전
5
메인테이너
51
라이선스
MIT
최초 publish
2025-02-07
publisher
atool
tarball
39,799 B
AUTO-PUBLISHED·1개 버전 인덱싱됨·최근 publish: 2025-08-13
// publisher 캠페인by atool
이 계정에서 catch된 패키지 9건고립된 catch가 아닙니다. 동일 publisher가 8개의 다른 패키지를 추가로 발행했고, 모두 파이프라인이 catch했습니다 — 일회성이 아닌 조직적 캠페인의 형태. 아래 링크는 각 형제 catch의 분석으로 이동합니다.
// offending code· @0.1.0· no static-pattern hits
llm: benign · 0.85→ 의심 전송지 없음, 원격 실행 형태 없음 — 2 known-vendor host(s).
- @0.1.0··AUTO-PUBLISHED·publisher: atoolheuristic 75/100static flags 0llm benign (0.85) via ollamapublisher-multi-name-burst:5osv-flagged:MAL-2026-4018
→ 의심 전송지 없음, 원격 실행 형태 없음 — 2 known-vendor host(s).
// offending code· no static-pattern hits
--- package.json (entry) --- { "name": "@antv/github-config-cli", "version": "0.1.0", "repository": "https://github.com/antvis/github-config", "keywords": [ "antv" ], "description": "CLI for AntV's shared GitHub templates and workflows.", "bin": { "sync-shared-config": "scripts/sync-shared-config.js" }, "author": "yvonneyx", "publishConfig": { "registry": "https://registry.npmjs.org/", "access": "public" }, "dependencies": { "commander": "^13.1.0" }, "license": "MIT" } --- bundled output (OSV-MAL flagged — LLM scope expansion) --- --- scripts/sync-shared-config.js (bundled) --- #!/usr/bin/env node const fs = require('fs').promises; const path = require('path'); const { execSync } = require('child_process'); const { program } = require('commander'); program .name('sync-shared-config') .description('同步 AntV 共享的 GitHub 配置') .option('-i, --issue-templates', '仅同步 Issue 模板') .option('-w, --workflows', '仅同步 GitHub Actions 工作流') .parse(); const options = program.opts(); async function syncConfig() { try { const sourceRepo = 'antvis/github-config'; const tempRepo = 'github-config-temp'; const destGithubDir = path.join(process.cwd(), '.github'); await fs.mkdir(destGithubDir, { recursive: true }); console.log('�� 下载 GitHub 配置...'); execSync(`git clone --depth 1 https://github.com/${sourceRepo}.git ${tempRepo}`); console.log('�� 合并 GitHub 配置...'); if (!options.issueTemplates && !options.workflows) { // 同步所有内容 await fs.cp(path.join(tempRepo, '.github'), destGithubDir, { recursive: true, force: true, }); } else { // 选择性同步 if (options.issueTemplates) { const templateDir = path.join(tempRepo, '.github/ISSUE_TEMPLATE'); const destTemplateDir = path.join(destGithubDir, 'ISSUE_TEMPLATE'); await fs.cp(templateDir, destTemplateDir, { recursive: true, force: true, }); } if (options.workflows) { const workflowDir = path.join(tempRepo, '.github/workflows'); const destWorkflowDir = path.join(destGithubDir, 'workflows'); await fs.cp(workflowDir, destWorkflowDir, { recursive: true, force: true, }); } } // 清理临时目录 await fs.rm(tempRepo, { recursive: true, force: true }); // 需要移除的子路径列表 const excludePaths = ['workflows/scripts']; for (const excludePath of excludePaths) { const _excludePath = path.join(destGithubDir, excludePath); try { await fs.access(_excludePath); await fs.rm(_excludePath, { rec