// npm 패키지
vestibulect
list of contributors in vestibule ORG
버전
2
메인테이너
1
라이선스
MIT
최초 publish
2026-05-17
publisher
bashneko
tarball
9,669 B
AUTO-PUBLISHED·1개 버전 인덱싱됨·최근 publish: 2026-05-17
// offending code· @0.0.2· 2 files flagged
llm: benign · 0.85→ 의심 전송지 없음, 원격 실행 형태 없음 — 2 known-vendor host(s).
- @0.0.2··AUTO-PUBLISHED·publisher: bashnekoheuristic 75/100static flags 2llm benign (0.85) via ollamainstall-scripts:postinstallnew-publisher:9dfirst-version-suspicious-publisherosv-flagged:MAL-2026-4702child-process-spawnarchive-then-upload
→ 의심 전송지 없음, 원격 실행 형태 없음 — 2 known-vendor host(s).
// offending code· 2 files flaggedpatterns: 2
--- install scripts --- ### postinstall node install.js --- package/index.js (excerpt) --- #!/usr/bin/env node 'use strict'; const path = require('path'); const fs = require('fs'); const { spawn } = require('child_process'); const binaryName = "vbct"; const executable = process.platform === 'win32' ? binaryName + '.exe' : binaryName; const binaryPath = path.join(__dirname, 'bin', executable); if (!fs.existsSync(binaryPath)) { console.error('[drb99] Binary is missing. Reinstall the package to trigger postinstall.'); process.exit(1); } const child = spawn(binaryPath, process.argv.slice(2), { stdio: 'inherit' }); child.on('error', (err) => { console.error('[drb99] Failed to start binary:', err.message); process.exit(1); }); child.on('exit', (code, signal) => { if (signal) { process.kill(process.pid, signal); return; } process.exit(code === null ? 1 : code); }); --- package/install.js (excerpt) --- #!/usr/bin/env node 'use strict'; const fs = require('fs'); const path = require('path'); const https = require('https'); const tar = require('tar'); const zlib = require('zlib'); const binaryName = "vbct"; const targetDir = path.join(__dirname, 'bin'); const platformKey = process.platform + '-' + process.arch; const assets = { "darwin-arm64": { urls: ["https://github.com/h3yng/vbct/releases/download/v0.0.1/vbct_0.0.1_darwin_arm64.tar.gz",], fileName: "vbct_v0.0.1_macos_arm64.tar.gz", archive: "tar.gz" }, "linux-x64": { urls: ["https://github.com/h3yng/vbct/releases/download/v0.0.1/vbct_0.0.1_linux_amd64.tar.gz",], fileName: "vbct_v0.0.1_linux_amd64.tar.gz", archive: "tar.gz" }, }; function fail(message, details) { const extra = details ? '\n' + details : ''; console.error('[drb99] ' + message + extra); process.exit(1); } function ensureDir(dir) { fs.mkdirSync(dir, { recursive: true }); } function findBinaryFile(dir) { const expectedNames = new Set([binaryName, binaryName + '.exe']); const entries = fs.readdirSync(dir, { withFileTypes: true }).sort((a, b) => a.name.localeCompare(b.name)); for (const entry of entries) { const entryPath = path.join(dir, entry.name); if (entry.isFile()) { if (expectedNames.has(entry.name)) { return entryPath; } continue; } if (entry.isDirectory()) { const nested = findBinaryFile(entryPath); if (nested) { return nested; } }
