// npm package
arnext-arkb
versions
1
maintainers
1
license
MIT
first publish
2024-10-24
publisher
asteroiddao
tarball
99,115 B
AUTO-PUBLISHED·1 version indexed·latest published 2024-10-24
// publisher campaignby asteroiddao
9 caught packages from this accountThis is not an isolated catch. The same publisher has shipped 8 other packages that our pipeline flagged — the shape of a coordinated campaign, not a one-off. Each link below opens that sibling's analysis.
// offending code· @0.0.1· 1 file flagged
- @0.0.1··AUTO-PUBLISHED·publisher: asteroiddaoheuristic 75/100static flags 1llm skippedfirst-version-of-packageosv-flagged:MAL-2026-4483base64-decode
// offending code· 1 file flaggedpatterns: 1
--- package/bin/utils/wallet.js (excerpt) --- "use strict"; var __importDefault = (this && this.__importDefault) || function (mod) { return (mod && mod.__esModule) ? mod : { "default": mod }; }; Object.defineProperty(exports, "__esModule", { value: true }); exports.getWallet = void 0; const fs_1 = __importDefault(require("fs")); const cli_questions_1 = __importDefault(require("./cli-questions")); const crypter_1 = __importDefault(require("./crypter")); const utils_1 = require("./utils"); async function getWallet(walletPath, config, debug, colors) { let wallet; const walletEncr = config.get('wallet'); if (walletPath) { if (typeof walletPath !== 'string') { console.log((0, utils_1.parseColor)(colors, 'The wallet must be specified.', 'red')); return; } try { wallet = JSON.parse(fs_1.default.readFileSync(walletPath, 'utf8')); } catch (e) { console.log((0, utils_1.parseColor)(colors, 'Invalid wallet path.', 'red')); if (debug) console.log(e); return; } } if (!wallet) { if (walletEncr) { const res = await cli_questions_1.default.askWalletPassword(); const crypter = new crypter_1.default(res.password); try { const decrypted = crypter.decrypt(Buffer.from(walletEncr, 'base64')); wallet = JSON.parse(decrypted.toString()); } catch (e) { console.log((0, utils_1. --- bundled output (OSV-MAL flagged — LLM scope expansion) --- --- bin/utils/cli-questions.js (bundled) --- "use strict"; var __importDefault = (this && this.__importDefault) || function (mod) { return (mod && mod.__esModule) ? mod : { "default": mod }; }; Object.defineProperty(exports, "__esModule", { value: true }); const cli_color_1 = __importDefault(require("cli-color")); const inquirer_1 = __importDefault(require("inquirer")); const cliQuestions = { askWalletPassword: (message = 'Type your password') => { return inquirer_1.default.prompt([ { name: 'password', type: 'password', message, validate: (val) => { if (val.length) { return true; } return 'Please enter a password'; }, }, ]); }, showConfirm: () => { return inquirer_1.default.prompt([ { name: 'confirm', type: 'confirm', message: cli_color_1.default.greenBright('Carefully check the above details are correct, then confirm to complete this upload'), }, ]); }, }; exports.default = cliQuestions;
