// npm package
weavedb-base
A decentralized NoSQL database powered by Arweave.
versions
114
maintainers
1
license
MIT
first publish
2022-10-10
publisher
asteroiddao
tarball
67,455 B
AUTO-PUBLISHED·1 version indexed·latest published 2026-05-27
// publisher campaignby asteroiddao
9 caught packages from this accountThis is not an isolated catch. The same publisher has shipped 8 other packages that our pipeline flagged — the shape of a coordinated campaign, not a one-off. Each link below opens that sibling's analysis.
// offending code· @0.45.4· 2 files flagged
- @0.45.4··AUTO-PUBLISHED·publisher: asteroiddaoheuristic 75/100static flags 2llm skippedmature-packagehas-source-repoosv-flagged:MAL-2026-4715function-constructorbase64-decode
// offending code· 2 files flaggedpatterns: 2
--- package/index.js (excerpt) --- const pako = require("pako") const elliptic = require("elliptic") const EthCrypto = require("eth-crypto") const { providers, Contract, utils } = require("ethers") const md5 = require("md5") const { keccak256 } = require("./keccak") const versions = require("./versions") const { startAuthentication, startRegistration, base64URLStringToBuffer, } = require("./webauthn") const { generateRegistrationOptions, verifyRegistrationResponse, generateAuthenticationOptions, verifyAuthenticationResponse, } = require("@simplewebauthn/server") //const buildEddsa = require("circomlibjs").buildEddsa const { pick, includes, all, complement, init, is, last, isNil, mergeLeft, clone, tail, map, splitWhen, } = require("ramda") const ethSigUtil = require("@metamask/eth-sig-util") const { privateToAddress } = require("ethereumjs-util") const EIP712Domain = [ { name: "name", type: "string" }, { name: "version", type: "string" }, { name: "verifyingContract", type: "string" }, ] const is_data = [ "set", "setSchema", "setRules", "addIndex", "removeIndex", "add", "update", "upsert", "addTrigger", "removeTrigger", ] const no_paths = [ "nonce", "ids", "validities", "getCrons", "getAlgorithms", "getLinkedContract", "getOwner", "getAddressLink", "getRelayerJob", "listRelayerJobs", "getEvolve", "getInfo", "getTokens", "getBundlers", "addCron", "removeCron", "setAlgorithms", "addRelayerJob", "removeRelayer --- package/webauthn.js (excerpt) --- /* [@simplewebauthn/browser@7.2.0] */ function utf8StringToBuffer(value) { return new TextEncoder().encode(value) } function bufferToBase64URLString(buffer) { const bytes = new Uint8Array(buffer) let str = "" for (const charCode of bytes) { str += String.fromCharCode(charCode) } const base64String = btoa(str) return base64String.replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "") } function base64URLStringToBuffer(base64URLString) { const base64 = base64URLString.replace(/-/g, "+").replace(/_/g, "/") const padLength = (4 - (base64.length % 4)) % 4 const padded = base64.padEnd(base64.length + padLength, "=") const binary = atob(padded) const buffer = new ArrayBuffer(binary.length) const bytes = new Uint8Array(buffer) for (let i = 0; i < binary.length; i++) { bytes[i] = binary.charCodeAt(i) } return buffer } function browserSupportsWebAuthn() { return ( window?.PublicKeyCredential !== undefined && typeof window.PublicKeyCredential === "function" ) } function toPublicKeyCredentialDescriptor(descriptor) { const { id } = descriptor return { ...descriptor, id: base64URLStringToBuffer(id), transports: descriptor.transports, } } function isValidDomain(hostname) { return ( hostname === "localhost" || /^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$/i.test(hostname) ) } class WebAuthnError extends Error { code constructor({ message, code, cause, name }) { super(message, { cause }) this.name
