// npm package
@pipedream/pumble
Pipedream Pumble Components
weekly
2
monthly
16
versions
3
maintainers
8
first publish
2024-05-24
publisher
adolfo-pd
tarball
16,175 B
AUTO-PUBLISHED·1 version indexed·latest published 2026-05-29
// publisher campaignby adolfo-pd
9 caught packages from this accountThis is not an isolated catch. The same publisher has shipped 8 other packages that our pipeline flagged — the shape of a coordinated campaign, not a one-off. Each link below opens that sibling's analysis.
// offending code· @0.2.0· no static-pattern hits
llm: benign · 0.85→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).
- @0.2.0··AUTO-PUBLISHED·publisher: adolfo-pdheuristic 99/100static flags 0llm benign (0.85) via ollamanew-publisher:10drecent-owner-changepublisher-multi-name-burst:128publisher-version-pump:129dormant-takeover:prev=casret@0.1.0
→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).
// offending code· no static-pattern hits
--- package.json (entry) --- { "name": "@pipedream/pumble", "version": "0.2.0", "description": "Pipedream Pumble Components", "main": "pumble.app.mjs", "keywords": [ "pipedream", "pumble" ], "homepage": "https://pipedream.com/apps/pumble", "author": "Pipedream <support@pipedream.com> (https://pipedream.com/)", "publishConfig": { "access": "public" }, "dependencies": { "@pipedream/platform": "^2.0.2" } }
