// npm package

@antv/narrative-text-vis

React component of interactive narrative text

npmjs.com tarball

versions

maintainers

license

MIT

first publish

2021-08-23

publisher

bbsqq

tarball

4,114,475 B

AUTO-PUBLISHED·1 version indexed·latest published 2022-11-14

// exfil path

what is read → where it ships

steals

○ clipboard

sends to

(no destination string extracted — payload may be dynamic / obfuscated)

evidence in excerpt

> var extendStatics = function(d, b) {
> var extendStatics = function(d, b) {
> !function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("react"),require("antd")):"function"==typeof define&&define.amd?define(["exports","react","antd"],e):e((t="undefin…
> readonly colorNegative: "#13C2C2";

→ view full payload

// publisher campaignby bbsqq

5 caught packages from this account

This is not an isolated catch. The same publisher has shipped 4 other packages that our pipeline flagged — the shape of a coordinated campaign, not a one-off. Each link below opens that sibling's analysis.

// offending code· @0.3.16· 3 files flagged

llm: benign · 0.85

→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

@0.3.16·2022-11-14·AUTO-PUBLISHED·publisher: bbsqq

heuristic 75/100

static flags 3

llm benign (0.85) via ollama

mature-packageosv-flagged:MAL-2026-4074reads-env-varschild-process-spawnclipboard-access

→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

// offending code· 3 files flaggedpatterns: 3

--- package/lib/index.js (excerpt) ---
'use strict';

Object.defineProperty(exports, '__esModule', { value: true });

var React = require('react');
var antd = require('antd');

function _interopDefaultLegacy (e) { return e && typeof e === 'object' && 'default' in e ? e : { 'default': e }; }

var React__default = /*#__PURE__*/_interopDefaultLegacy(React);

/******************************************************************************
Copyright (c) Microsoft Corporation.

Permission to use, copy, modify, and/or distribute this software for any
purpose with or without fee is hereby granted.

THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.
***************************************************************************** */
/* global Reflect, Promise */

var extendStatics = function(d, b) {
    extendStatics = Object.setPrototypeOf ||
        ({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) ||
        function (d, b) { for (var p in b) if (Object.prototype.hasOwnProperty.call(b, p)) d[p] = b[p]; };
    return extendStatics(d, b);
};

function

--- package/lib/src/NarrativeTextVis.d.ts (excerpt) ---
import { NarrativeTextSpec } from '@antv/narrative-text-schema';
import { ThemeProps, ExtensionProps, NarrativeEvents } from './interface';
export declare type NarrativeTextVisProps = ThemeProps & ExtensionProps & NarrativeEvents & {
    /**
     * @description specification of narrative text spec
     * @description.zh-CN Narrative 描述 json 信息
     */
    spec: NarrativeTextSpec;
    /**
     * @description the function to be called when copy event is listened. If it is undefined, the default behavior is to put the transformed html and plain text into user's clipboard
     * @description.监听到 copy 事件时执行的函数，可用于控制复制的内容和复制行为，如果不传，默认将会把转换后的富文本和纯文本内容放入剪切板
     */
    copyNarrative?: (content: {
        spec: NarrativeTextSpec;
        plainText: string;
        html: string;
    }) => void;
};
export declare function NarrativeTextVis({ spec, size, pluginManager, copyNarrative, ...events }: NarrativeTextVisProps): JSX.Element;


--- package/es/index.js (excerpt) ---
import React, { useRef, useDebugValue, useContext, createElement, useState, useLayoutEffect, useEffect } from 'react';
import { Tooltip } from 'antd';

/******************************************************************************
Copyright (c) Microsoft Corporation.

Permission to use, copy, modify, and/or distribute this software for any
purpose with or without fee is hereby granted.

THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.
***************************************************************************** */
/* global Reflect, Promise */

var extendStatics = function(d, b) {
    extendStatics = Object.setPrototypeOf ||
        ({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) ||
        function (d, b) { for (var p in b) if (Object.prototype.hasOwnProperty.call(b, p)) d[p] = b[p]; };
    return extendStatics(d, b);
};

function __extends(d, b) {
    if (typeof b !== "function" && b !== null)
        throw new TypeError("Class extends value " + String(b) + " is not a constructor or null");

--- bundled output (OSV-MAL flagged — LLM scope expansion) ---

--- dist/narrative-text-vis.min.js (bundled) ---
!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("react"),require("antd")):"function"==typeof define&&define.amd?define(["exports","react","antd"],e):e((t="undefined"!=typeof globalThis?globalThis:t||self).NarrativeTextVis={},t.React,t.antd)}(this,(function(t,e,r){"use strict";function n(t){return t&&"object"==typeof t&&"default"in t?t:{default:t}}var i=n(e),o=function(t,e){return o=Object.setPrototypeOf||{__proto__:[]}instanceof Array&&function(t,e){t.__proto__=e}||function(t,e){for(var r in e)Object.prototype.hasOwnProperty.call(e,r)&&(t[r]=e[r])},o(t,e)};var s,a=function(){return a=Object.assign||function(t){for(var e,r=1,n=arguments.length;r<n;r++)for(var i in e=arguments[r])Object.prototype.hasOwnProperty.call(e,i)&&(t[i]=e[i]);return t},a.apply(this,arguments)};function c(t,e){var r={};for(var n in t)Object.prototype.hasOwnProperty.call(t,n)&&e.indexOf(n)<0&&(r[n]=t[n]);if(null!=t&&"function"==typeof Object.getOwnPropertySymbols){var i=0;for(n=Object.getOwnPropertySymbols(t);i<n.length;i++)e.indexOf(n[i])<0&&Object.prototype.propertyIsEnumerable.call(t,n[i])&&(r[n[i]]=t[n[i]])}return r}function l(t,e,r,n){return new(r||(r=Promise))((function(i,o){function s(t){try{c(n.next(t))}catch(t){o(t)}}function a(t){try{c(n.throw(t))}catch(t){o(t)}}function c(t){var e;t.done?i(t.value):(e=t.value,e instanceof r?e:new r((function(t){t(e)}))).then(s,a)}c((n=n.apply(t,e||[])).next())}))}function u(t,e){var r,n,i,o,s={label:0,sent:function(){if(1&i[0])throw i[1];return i[1]},trys:[],ops:[]};return o={next:a(0),throw:a(1),return:a(2)},"function"==typeof Symbol&&(o[Symbol.iterator]=function(){return this}),o;function a(a){return function(c){return function(a){if(r)throw new TypeError("Generator is already executing.");for(;o&&(o=0,a[0]&&(s=0)),s;)try{if(r=1,n&&(i=2&a[0]?n.return:a[0]?n.throw||((i=n.return)&&i.call(n),0):n.next)&&!(i=i.call(n,a[1])).done)return i;switch(n=0,i&&(a=[2&a[0],i.value]),a[0]){case 0:case 1:i=a;break;case 4:return 

--- dist/setupTests.d.ts (bundled) ---
export {};


--- dist/src/NarrativeTextVis.d.ts (bundled) ---
import { NarrativeTextSpec } from '@antv/narrative-text-schema';
import { ThemeProps, ExtensionProps, NarrativeEvents } from './interface';
export declare type NarrativeTextVisProps = ThemeProps & ExtensionProps & NarrativeEvents & {
    /**
     * @description specification of narrative text spec
     * @description.zh-CN Narrative 描述 json 信息
     */
    spec: NarrativeTextSpec;
    /**
     * @description the function to be called when copy event is listened. If it is undefined, the default behavior is to put the transformed html and plain text into user's clipboard
     * @description.监听到 copy 事件时执行的函数，可用于控制复制的内容和复制行为，如果不传，默认将会把转换后的富文本和纯文本内容放入剪切板
     */
    copyNarrative?: (content: {
        spec: NarrativeTextSpec;
        plainText: string;
        html: string;
    }) => void;
};
export declare function NarrativeTextVis({ spec, size, pluginManager, copyNarrative, ...events }: NarrativeTextVisProps): JSX.Element;


--- dist/src/index.d.ts (bundled) ---
export { NarrativeTextVis } from './NarrativeTextVis';
export type { NarrativeTextVisProps } from './NarrativeTextVis';
export { Section } from './section';
export { Paragraph, Headline } from './paragraph';
export { Phrase } from './phrases';
export { ArrowUp, ArrowDown } from './assets/icons';
export * from './line-charts';
export * as NStyledComponents from './styled';
export * from '@antv/narrative-text-schema';
export * from './chore/plugin';
export * from './chore/exporter';
export { seedToken } from './theme';


--- dist/src/interface.d.ts (bundled) ---
import { EntityType, NarrativeTextSpec, SectionSpec, ParagraphSpec, PhraseSpec, HeadlineSpec, BulletItemSpec } from '@antv/narrative-text-schema';
import { PluginManager } from './chore/plugin';
export declare type PhraseType = 'text' | EntityType | null;
export declare type ThemeProps = {
    /**
     * @description size of text
     * @description.zh-CN 文本大小
     */
    size?: 'normal' | 'small';
};
export declare type ExtensionProps = {
    /**
     * @description extension plugin
     * @description.zh-CN 扩展插件
     */
    pluginManager?: PluginManager;
};
export declare type PhraseEvents = Partial<{
    onClickPhrase: (spec: PhraseSpec) => void;
    onMouseEnterPhrase: (spec: PhraseSpec) => void;
    onMouseLeavePhrase: (spec: PhraseSpec) => void;
}>;
declare type NormalParagraphSpec = HeadlineSpec | ParagraphSpec | BulletItemSpec;
export declare type ParagraphEvents = PhraseEvents & Partial<{
    onClickParagraph: (spec: NormalParagraphSpec) => void;
    onMouseEnterParagraph: (spec: NormalParagraphSpec) => void;
    onMouseLeaveParagraph: (spec: NormalParagraphSpec) => void;
}>;
export declare type SectionEvents = ParagraphEvents & Partial<{
    onClickSection: (spec: SectionSpec) => void;
    onMouseEnterSection: (spec: SectionSpec) => void;
    onMouseLeaveSection: (spec: SectionSpec) => void;
}>;
export declare type NarrativeEvents = SectionEvents & Partial<{
    onClickNarrative: (spec: NarrativeTextSpec) => void;
    onMouseEnterNarrative: (spec: NarrativeTextSpec) => void;
    onMouseLeaveNarrative: (spec: NarrativeTextSpec) => void;
    onCopySuccess: (e?: ClipboardEvent) => void;
    onCopyFailure: (e?: ClipboardEvent) => void;
}>;
export {};


--- dist/src/utils/classnames.d.ts (bundled) ---
/** connect cls, remove empty */
export declare const classnames: (...cls: string[]) => string;


--- dist/src/utils/elementContainsSelection.d.ts (bundled) ---
/**
 * 判断选区是否在指定元素内
 */
export declare function elementContainsSelection(el: HTMLElement): boolean;


--- dist/src/utils/functionalize.d.ts (bundled) ---
import { TypeOrMetaReturnType } from '@antv/narrative-text-schema';
export declare function functionalize<T>(val: TypeOrMetaReturnType<T>, defaultVal: T | undefined): (value: string, metadata: import("@antv/narrative-text-schema").EntityMetaData) => T;


--- dist/src/utils/getPrefixCls.d.ts (bundled) ---
export declare const getPrefixCls: (suffixCls?: string) => string;


--- dist/src/utils/index.d.ts (bundled) ---
export { getPrefixCls } from './getPrefixCls';
export { classnames } from './classnames';
export { functionalize } from './functionalize';
export { elementContainsSelection } from './elementContainsSelection';


--- dist/src/theme/getFontSize.d.ts (bundled) ---
import type { ThemeProps } from '../interface';
export default function getFontSize({ size }: ThemeProps): string;


--- dist/src/theme/index.d.ts (bundled) ---
export { seedToken } from './seed';
export { default as getFontSize } from './getFontSize';


--- dist/src/theme/seed.d.ts (bundled) ---
export declare const seedToken: {
    readonly colorBase: "rgba(0, 0, 0, 0.65)";
    readonly colorEntityBase: "#404040";
    readonly colorPositive: "#FA541C";
    readonly colorNegative: "#13C2C2";
    readonly colorConclusion: "#030852";
    readonly colorDimensionValue: "#391085";
    readonly colorMetricName: "rgba(0, 0, 0, 0.88)";
    readonly colorMetricValue: "#1677FF";
    readonly colorOtherValue: "#1677FF";
    readonly fontSizeBase: 14;
    readonly fontSizeSmall: 12;
};


--- dist/src/styled/bullet.d.ts (bundled) ---
import type { ThemeProps } from '../interface';
export declare const Bullet: import("styled-components").StyledComponent<"div", any, ThemeProps, never>;
export declare const Ol: import("styled-components").StyledComponent<"div", any, ThemeProps, never>;
export declare const Ul: import("styled-components").StyledComponent<"div", any, ThemeProps, never>;
export declare const Li: import("styled-components").StyledComponent<"li", any, {}, never>;


--- dist/src/styled/container.d.ts (bundled) ---
import type { ThemeProps } from '../interface';
export declare const Container: import("styled-components").StyledComponent<"div", any, ThemeProps, never>;


--- dist/src/styled/entity.d.ts (bundled) ---
import { ThemeProps } from '../interface';
export declare const Entit