// npm package
wdb-sdk
versions
30
maintainers
1
first publish
2025-06-17
publisher
asteroiddao
tarball
97,007 B
AUTO-PUBLISHED·1 version indexed·latest published 2025-10-28
// publisher campaignby asteroiddao
9 caught packages from this accountThis is not an isolated catch. The same publisher has shipped 8 other packages that our pipeline flagged — the shape of a coordinated campaign, not a one-off. Each link below opens that sibling's analysis.
// offending code· @0.1.1· 2 files flagged
- @0.1.1··AUTO-PUBLISHED·publisher: asteroiddaoheuristic 75/100static flags 1llm skippedmature-packageosv-flagged:MAL-2026-4714child-process-spawn
// offending code· 2 files flaggedpatterns: 1
--- package/esm/db.js (excerpt) --- import { HB } from "wao" import { toAddr } from "wao/utils" import { includes, filter } from "ramda" const wait = ms => new Promise(res => setTimeout(() => res(), ms)) import { verify as _verify, httpsig_from, structured_to } from "hbsig" const toMsg = async req => { let req2 = {} for (const k in req?.headers ?? {}) req2[k] = req.headers[k] if (typeof req.body?.text === "function") { req2.body = await req.body.text() } else if (req.body) req2.body = req.body return req2 } const verify = async req => { let valid = false let address = null let query = null let ts = Date.now() try { const { valid, keyId, decodedSignatureInput: { components }, } = await _verify(req) address = toAddr(keyId) const msg = structured_to(httpsig_from(await toMsg(req))) query = JSON.parse(msg.query) return { valid, address, query, ts, fields: components } } catch (e) { console.log(e) return { err: true, valid, address, query, ts, fields: null } } } const stack = { nosql: [ "wdb-normalize@1.0", "wdb-verify@1.0", "wdb-parse@1.0", "wdb-auth@1.0", "wdb-write@1.0", ], sql: [ "wdb-normalize@1.0", "wdb-verify@1.0", "wdb-parse-sql@1.0", "wdb-write-sql@1.0", ], vec: [ "wdb-normalize@1.0", "wdb-verify@1.0", "wdb-parse-vec@1.0", "wdb-write-vec@1.0", ], } export default class DB { constructor({ url = `http://localhost:6364`, jwk, id, hb, mem, nonce }) { let _hb = null --- package/cjs/db.js (excerpt) --- "use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports["default"] = void 0; var _wao = require("wao"); var _utils = require("wao/utils"); var _ramda = require("ramda"); var _hbsig = require("hbsig"); function _toConsumableArray(r) { return _arrayWithoutHoles(r) || _iterableToArray(r) || _unsupportedIterableToArray(r) || _nonIterableSpread(); } function _nonIterableSpread() { throw new TypeError("Invalid attempt to spread non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method."); } function _unsupportedIterableToArray(r, a) { if (r) { if ("string" == typeof r) return _arrayLikeToArray(r, a); var t = {}.toString.call(r).slice(8, -1); return "Object" === t && r.constructor && (t = r.constructor.name), "Map" === t || "Set" === t ? Array.from(r) : "Arguments" === t || /^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(t) ? _arrayLikeToArray(r, a) : void 0; } } function _iterableToArray(r) { if ("undefined" != typeof Symbol && null != r[Symbol.iterator] || null != r["@@iterator"]) return Array.from(r); } function _arrayWithoutHoles(r) { if (Array.isArray(r)) return _arrayLikeToArray(r); } function _arrayLikeToArray(r, a) { (null == a || a > r.length) && (a = r.length); for (var e = 0, n = Array(a); e < a; e++) n[e] = r[e]; return n; } function _typeof(o) { "@babel/helpers - typeof"; return _typeof = "function" == typeof Symbol && "symbol" == typeof Symbol.iterator ? function (o) { return typeof o; } :
