// npm package
ribbon.js
only 1kb javascript gist to generate a ribbon in your website with HTML5 canvas.
versions
3
maintainers
1
license
MIT
first publish
2016-11-22
publisher
atool
tarball
56,897 B
AUTO-PUBLISHED·1 version indexed·latest published 2018-05-26
// publisher campaignby atool
9 caught packages from this accountThis is not an isolated catch. The same publisher has shipped 8 other packages that our pipeline flagged — the shape of a coordinated campaign, not a one-off. Each link below opens that sibling's analysis.
// offending code· @1.0.2· no static-pattern hits
llm: benign · 0.85→ No suspicious destination, no remote-exec shape — 2 known-vendor host(s), 1 other host(s).
- @1.0.2··AUTO-PUBLISHED·publisher: atoolheuristic 75/100static flags 0llm benign (0.85) via ollamapublisher-multi-name-burst:5osv-flagged:MAL-2026-4152
→ No suspicious destination, no remote-exec shape — 2 known-vendor host(s), 1 other host(s).
// offending code· no static-pattern hits
--- package.json (entry) --- { "name": "ribbon.js", "officialName": "ribbon.js", "version": "1.0.2", "summary": "only 1kb javascript gist to generate a ribbon in your website with HTML5 canvas.", "description": "only 1kb javascript gist to generate a ribbon in your website with HTML5 canvas.", "author": { "name": "hustcc", "url": "http://aibq.cn/" }, "homepage": "http://aibq.cn/", "license": "MIT", "keywords": [ "canvas", "html5", "ribbon" ], "main": "dist/ribbon.js", "repository": { "type": "git", "url": "https://github.com/hustcc/ribbon.js" }, "bugs": { "url": "https://github.com/hustcc/ribbon.js/issues" }, "devDependencies": { "gulp": "^3.9.0", "gulp-uglify": "^1.5.3", "jshint": "^2.9.2", "gulp-rename": "^1.2.2", "gulp-inject-version": "^1.0.1" }, "scripts": { "lint": "jshint src/ribbon.js", "test": "npm run lint && node test/index.js", "build": "gulp mini && npm run test" }, "dependencies": { } } --- index.js (entry) --- console.log("TODO"); --- bundled output (OSV-MAL flagged — LLM scope expansion) --- --- dist/ribbon.js (bundled) --- /** * Copyright (c) 2016 hustcc * License: MIT * Version: v1.0.1 * GitHub: https://github.com/hustcc/ribbon.js **/ /*jshint -W030 */ ! function() { function attr(node, attr, default_value) { return Number(node.getAttribute(attr)) || default_value; } // get user config var scripts = document.getElementsByTagName('script'), script = scripts[scripts.length - 1]; // 当前加载的script config = { z: attr(script, "zIndex", -1), // z-index a: attr(script, "alpha", 0.6), // alpha s: attr(script, "size", 90), // size }; var canvas = document.createElement('canvas'), g2d = canvas.getContext('2d'), pr = window.devicePixelRatio || 1, width = window.innerWidth, height = window.innerHeight, f = config.s, q, t, m = Math, r = 0, pi = m.PI*2, cos = m.cos, random = m.random; canvas.width = width * pr; canvas.height = height * pr; g2d.scale(pr, pr); g2d.globalAlpha = config.a; canvas.style.cssText = 'opacity: ' + config.a + ';position:fixed;top:0;left:0;z-index: ' + config.z + ';width:100%;height:100%;pointer-events:none;'; // create canvas document.getElementsByTagName('body')[0].appendChild(canvas); function redraw() { g2d.clearRect(0, 0, width, height); q = [{x: 0, y: height * 0.7 + f}, {x: 0, y: height * 0.7 - f}]; while(q[1].x < width + f) draw(q[0], q[1]); } function draw(i, j) { g2d.beginPath(); g2d.moveTo(i.x, i.y); g2d.lineTo(j.x, j.y); var k = j.x + (random()*2-0.25)*f, n = line(j.y); g2d.lineTo(k, n); g2d.closePath(); r -= pi / -50; g2d.fillStyle = '#'+(cos(r)*127+128<<16 | cos(r+pi/3)*127+128<<8 | cos(r+pi/3*2)*127+128).toString(16); g2d.fill(); q[0] = q[1]; q[1] = {x: k, y: n}; } function line(p){ t = p + (random() * 2 - 1.1) * f; return (t > height || t < 0) ? line(p) : t; } document.onclick = redraw; document.ontouchstart = redraw; redraw(); }(); --- dist/ribbon.min.js (bundled) --- /** * Copyright (c) 2016 hustcc * License: MIT * Version: v1.0.1 * GitHub: https://github.com/hustcc/ribbon.js **/ !function(){function e(e,t,n){return Number(e.getAttribute(t))||n}function t(){for(r.clearRect(0,0,h,s),a=[{x:0,y:.7*s+f},{x:0,y:.7*s-f}];a[1].x<h+f;)n(a[0],a[1])}function n(e,t){r.beginPath(),r.moveTo(e.x,e.y),r.lineTo(t.x,t.y);var n=t.x+(2*p()-.25)*f,o=i(t.y);r.lineTo(n,o),r.closePath(),m-=x/-50,r.fillStyle="#"+(127*y(m)+128<<16|127*y(m+x/3)+128<<8|127*y(m+x/3*2)+128).toString(16),r.fill(),a[0]=a[1],a[1]={x:n,y:o}}function i(e){return l=e+(2*p()-1.1)*f,l>s||l<0?i(e):l}var o=document.getElementsByTagName("script"),c=o[o.length-1];config={z:e(c,"zIndex",-1),a:e(c,"alpha",.6),s:e(c,"size",90)};var a,l,d=document.createElement("canvas"),r=d.getContext("2d"),g=window.devicePixelRatio||1,h=window.innerWidth,s=window.innerHeight,f=config.s,u=Math,m=0,x=2*u.PI,y=u.cos,p=u.random;d.width=h*g,d.height=s*g,r.scale(g,g),r.globalAlpha=config.a,d.style.cssText="opacity: "+config.a+";position:fixed;top:0;left:0;z-index: "+config.z+";width:100%;height:100%;pointer-events:none;",document.getElementsByTagName("body")[0].appendChild(d),document.onclick=t,document.ontouchstart=t,t()}();