// npm package
cwao-tools
`cwao-tools` makes CosmWasm contract development & testing too easy.
versions
11
maintainers
1
license
MIT
first publish
2024-03-27
publisher
asteroiddao
tarball
245,471 B
AUTO-PUBLISHED·1 version indexed·latest published 2024-04-07
// publisher campaignby asteroiddao
9 caught packages from this accountThis is not an isolated catch. The same publisher has shipped 8 other packages that our pipeline flagged — the shape of a coordinated campaign, not a one-off. Each link below opens that sibling's analysis.
// offending code· @0.3.0· 1 file flagged
- @0.3.0··AUTO-PUBLISHED·publisher: asteroiddaoheuristic 75/100static flags 1llm skippedmature-packageosv-flagged:MAL-2026-4545child-process-spawn
// offending code· 1 file flaggedpatterns: 1
--- package/index.js (excerpt) --- #!/usr/bin/env node const util = require("node:util") const exec = util.promisify(require("node:child_process").exec) const cmd = process.argv[2] const { cpSync, existsSync } = require("fs") const { resolve } = require("path") const { isNil } = require("ramda") const main = async () => { switch (cmd) { case "create": const appname = process.argv[3] if (isNil(appname)) { console.error("appname not specified") break } const appdir = resolve(process.cwd(), appname) if (existsSync(appdir)) { console.error(`appdir exists: ${appdir}`) break } const workspace = resolve(__dirname, "workspace") try { cpSync(workspace, appdir, { recursive: true }) const { error, stdout, stderr } = await exec( `cd ${appdir} && yarn && rm -rf .weavedb && mkdir .weavedb`, ) if (error) { console.error(`something went wrong...`) } else { console.log(`${appname} successfully created!`) } } catch (e) { console.error(e) } break default: console.error(`command not found: ${cmd}`) } } main() --- package.json (entry) --- { "name": "cwao-tools", "version": "0.3.0", "main": "index.js", "node": "^20", "bin": { "cwao": "index.js" }, "license": "MIT", "dependencies": { "cwao": "^0.3.4", "cwao-units": "^0.0.2", "ramda": "^0.29.1", "yargs": "^17.7.2" } } --- index.js (entry) --- #!/usr/bin/env node const util = require("node:util") const exec = util.promisify(require("node:child_process").exec) const cmd = process.argv[2] const { cpSync, existsSync } = require("fs") const { resolve } = require("path") const { isNil } = require("ramda") const main = async () => { switch (cmd) { case "create": const appname = process.argv[3] if (isNil(appname)) { console.error("appname not specified") break } const appdir = resolve(process.cwd(), appname) if (existsSync(appdir)) { console.error(`appdir exists: ${appdir}`) break } const workspace = resolve(__dirname, "workspace") try { cpSync(workspace, appdir, { recursive: true }) const { error, stdout, stderr } = await exec( `cd ${appdir} && yarn && rm -rf .weavedb && mkdir .weavedb`, ) if (error) { console.error(`something went wrong...`) } else { console.log(`${appname} successfully created!`) } } catch (e) { console.error(e) } break default: console.error(`command not found: ${cmd}`) } } main()
