// npm package
ai3
weekly
27
monthly
107
versions
12
maintainers
1
license
MIT
first publish
2025-01-15
publisher
asteroiddao
tarball
1,143,644 B
AUTO-PUBLISHED·2 versions indexed·latest published 2026-05-26
// publisher campaignby asteroiddao
9 caught packages from this accountThis is not an isolated catch. The same publisher has shipped 8 other packages that our pipeline flagged — the shape of a coordinated campaign, not a one-off. Each link below opens that sibling's analysis.
// offending code· @0.3.5· 2 files flagged
llm: benign · 0.85→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).
- @0.3.5··AUTO-PUBLISHED·publisher: asteroiddaoheuristic 89/100static flags 1llm benign (0.85) via ollamainstall-scripts:preinstallnew-publisher:1dmature-packagepublisher-multi-name-burst:16publisher-version-pump:17osv-flagged:MAL-2026-4476eval-dynamic
→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).
// offending code· 2 files flaggedpatterns: 1
--- install scripts --- ### preinstall ./.github/scripts/precheck --- package/esm/llm.js (excerpt) --- import { clone } from "ramda" import MarkdownIt from "markdown-it" import { AI3 } from "./index.js" import { last } from "ramda" import { src as _src, test as _test } from "./llm_src.js" export default class LLM { constructor({ example, config, test = _test, src = _src, comp, goal, vars, before, after, players, write = () => {}, }) { this.write = write this.vars = vars this.before = before this.after = after this.players = players this.goal = goal this.messages = [] this.codes = [] const _example = example ?? `const fn = ({ v, s, r, i }) => { const buy_amount = 7 // buying 7 $AI r.ai -= buy_amount // reduce AI liquidity const usdc = r.k / r.ai // compute usdc liquidity const sell_amount = usdc - r.usdc // sold USDC r.usdc = usdc // update USDC liquidity r.price = r.usdc / r.ai // update AI price r.total_buy += buy_amount // record total buy amount s[i].buy = buy_amount // record buy amount r.ai_bag_usdc -= sell_amount // reduce sold USDC from the bag r.ai_bag_ai += buy_amount // add bought AI to the bag } ` this.example = `An example implementation. Return your answer in this format. \`\`\`javascript ${example} \`\`\` Do not export the function. Use this example as the starting point. Do not change the arguments ({v, s, r, i}) and parameters of the "fn" function. Do not return anything from the "fn" function. Do not define anything outside the "fn" fu --- package/cjs/llm.js (excerpt) --- "use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports["default"] = void 0; var _ramda = require("ramda"); var _markdownIt = _interopRequireDefault(require("markdown-it")); var _index = require("./index.js"); var _llm_src = require("./llm_src.js"); function _interopRequireDefault(e) { return e && e.__esModule ? e : { "default": e }; } function _typeof(o) { "@babel/helpers - typeof"; return _typeof = "function" == typeof Symbol && "symbol" == typeof Symbol.iterator ? function (o) { return typeof o; } : function (o) { return o && "function" == typeof Symbol && o.constructor === Symbol && o !== Symbol.prototype ? "symbol" : typeof o; }, _typeof(o); } function _regeneratorRuntime() { "use strict"; /*! regenerator-runtime -- Copyright (c) 2014-present, Facebook, Inc. -- license (MIT): https://github.com/facebook/regenerator/blob/main/LICENSE */ _regeneratorRuntime = function _regeneratorRuntime() { return e; }; var t, e = {}, r = Object.prototype, n = r.hasOwnProperty, o = Object.defineProperty || function (t, e, r) { t[e] = r.value; }, i = "function" == typeof Symbol ? Symbol : {}, a = i.iterator || "@@iterator", c = i.asyncIterator || "@@asyncIterator", u = i.toStringTag || "@@toStringTag"; function define(t, e, r) { return Object.defineProperty(t, e, { value: r, enumerable: !0, configurable: !0, writable: !0 }), t[e]; } try { define({}, ""); } catch (t) { define = function define(t, e, r) { return t[e] = r; }; } function wrap(t, e, r, n) { var i
