// npm package
@cap-js/openapi
CAP tool for OpenAPI
versions
19
maintainers
3
license
Apache-2.0
first publish
2024-05-02
publisher
GitHub Actions
tarball
165,455 B
AUTO-PUBLISHED·1 version indexed·latest published 2026-05-18
// publisher campaignby GitHub Actions
5 caught packages from this accountThis is not an isolated catch. The same publisher has shipped 4 other packages that our pipeline flagged — the shape of a coordinated campaign, not a one-off. Each link below opens that sibling's analysis.
// offending code· @1.4.2· 1 file flagged
llm: benign · 0.85→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s), 1 other host(s).
- @1.4.2··AUTO-PUBLISHED·publisher: GitHub Actionsheuristic 75/100static flags 1llm benign (0.85) via ollamamature-packageosv-flagged:MAL-2026-4161public-github-push
→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s), 1 other host(s).
// offending code· 1 file flaggedpatterns: 1
--- package/package.json (excerpt) --- { "name": "@cap-js/openapi", "version": "1.4.2", "description": "CAP tool for OpenAPI", "repository": { "type": "git", "url": "git+https://github.com/cap-js/openapi.git" }, "homepage": "https://cap.cloud.sap/", "keywords": [ "CAP", "CDS", "OpenAPI", "Node.js" ], "author": "SAP SE (https://www.sap.com)", "license": "Apache-2.0", "main": "index.js", "files": [ "lib/", "LICENSE" ], "scripts": { "test": "node --test", "lint": "npx eslint .", "check:types": "npx tsc", "gen:coverage": "node --test --experimental-test-coverage --test-reporter=lcov --test-reporter-destination=lcov.info", "gen:call-graph": "node scripts/generate-call-graph-svg.js", "regenerate": "node scripts/regenerate.js" }, "dependencies": { "pluralize": "^8.0.0" }, "peerDependencies": { "@sap/cds": ">=7.6" }, "devDependencies": { "@types/node": "^25.0.3", "eslint": "^9.33.0", "typescript": "^5.9.2", "@mermaid-js/mermaid-cli": "^11.12.0" } } --- package.json (entry) --- { "name": "@cap-js/openapi", "version": "1.4.2", "description": "CAP tool for OpenAPI", "repository": { "type": "git", "url": "git+https://github.com/cap-js/openapi.git" }, "homepage": "https://cap.cloud.sap/", "keywords": [ "CAP", "CDS", "OpenAPI", "Node.js" ], "author": "SAP SE (https://www.sap.com)", "license": "Apache-2.0", "main": "index.js", "files": [ "lib/", "LICENSE" ], "scripts": { "test": "node --test", "lint": "npx eslint .", "check:types": "npx tsc", "gen:coverage": "node --test --experimental-test-coverage --test-reporter=lcov --test-reporter-destination=lcov.info", "gen:call-graph": "node scripts/generate-call-graph-svg.js", "regenerate": "node scripts/regenerate.js" }, "dependencies": { "pluralize": "^8.0.0" }, "peerDependencies": { "@sap/cds": ">=7.6" }, "devDependencies": { "@types/node": "^25.0.3", "eslint": "^9.33.0", "typescript": "^5.9.2", "@mermaid-js/mermaid-cli": "^11.12.0" } } --- index.js (entry) --- const { compileToOpenAPI } = require('./lib/compile'); module.exports = { compile: compileToOpenAPI }