// npm package
weavedb-console
versions
2
maintainers
1
license
MIT
first publish
2022-09-13
publisher
asteroiddao
tarball
1,750,157 B
AUTO-PUBLISHED·2 versions indexed·latest published 2026-05-26
// exfil path
what is read → where it ships
steals
- ● GCP creds
sends to
(no destination string extracted — payload may be dynamic / obfuscated)
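evidence in excerpt
> const iiUrl = `http://localhost:8000/?canisterId=rwlgt-iiaaa-aaaaa-aaaaa-cai`
Note: the quoted line only sets a localhost identity-provider URL inside `createTempAddressWithII`; it does not read credentials. In the excerpts shown below, the only GCP-credential reference is `GOOGLE_APPLICATION_CREDENTIALS="../key.json"` in the `dev` script of `package/firebase/functions/package.json`, which sets the variable for a local `firebase emulators:start` run. The `preinstall` target `./src/compiler/native` is listed under install scripts, but its contents are not shown on this page, so install-time behaviour cannot be judged from these excerpts alone.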
// publisher campaign · by asteroiddao
9 caught packages from this account
This is not an isolated catch. The same publisher has shipped 8 other packages that our pipeline flagged — the shape of a coordinated campaign, not a one-off. Each link below opens that sibling's analysis.
// offending code · @0.2.1 · 3 files flagged
llm: benign · 0.85 → No suspicious destination, no remote-exec shape — 1 other host(s).
- @0.2.1 · AUTO-PUBLISHED · publisher: asteroiddao · heuristic 89/100 · static flags 2 · llm benign (0.85) via ollama · install-scripts:preinstall · new-publisher:1d · publisher-multi-name-burst:16 · publisher-version-pump:17 · osv-flagged:MAL-2026-4717 · eval-dynamic · reads-gcp-creds
→ No suspicious destination, no remote-exec shape — 1 other host(s).
// offending code · 3 files flagged · patterns: 2
--- install scripts --- ### preinstall ./src/compiler/native --- package/pages/index.js (excerpt) --- import { useEffect, Fragment, useState } from "react" import JSONPretty from "react-json-pretty" import { Checkbox, Image, Select, ChakraProvider, Box, Flex, Input, Textarea, } from "@chakra-ui/react" import { concat, last, init as _init, take, join, clone, filter, compose, values, keys, isNil, map, mapObjIndexed, is, slice, hasPath, includes, append, addIndex as _addIndex, } from "ramda" import { bind } from "nd" import weavedb from "lib/weavedb.json" let db export default bind( ({ set, init, router, conf, $ }) => { const fn = init([ "checkTempAddress", "setupWeaveDB", "createTempAddress", "createTempAddressWithII", "createTempAddressWithAR", "logoutTemp", "queryDB", ]) const [result, setResult] = useState("") const [admin_address, setAdminAddress] = useState("") const [state, setState] = useState(null) const [doc_path, setDocPath] = useState([]) const [tab, setTab] = useState("Data") const [cron, setCron] = useState(null) const [method, setMethod] = useState("get") const [query, setQuery] = useState("") const tabs = ["Data", "Schemas", "Rules", "Indexes", "Crons", "Auth"] const [network, setNetwork] = useState("Localhost") const [newNetwork, setNewNetwork] = useState("Localhost") const [newRules, setNewRules] = useState(`{"allow write": true}`) const [newRules2, setNewRules2] = useState(`{"allow write": true}`) con --- package/lib/weavedb.js (excerpt) --- const { Ed25519KeyIdentity } = require("@dfinity/identity") import arweave from "arweave" import client from "weavedb-client" import lf from "localforage" import SDK from "weavedb-sdk" import { ethers } from "ethers" import { AuthClient } from "@dfinity/auth-client" import { is, includes, difference, keys, compose, map, clone, indexBy, prop, pluck, mergeLeft, isNil, concat, last, path, } from "ramda" import { Buffer } from "buffer" import weavedb from "lib/weavedb.json" let sdk export const setupWeaveDB = async 
({ conf, set, val: { network, contractTxId }, }) => { let arweave = { Localhost: { host: "localhost", port: 1820, protocol: "http", }, Testnet: { host: "testnet.redstone.tools", port: 443, protocol: "https", }, Mainnet: { host: "arweave.net", port: 443, protocol: "https", }, } sdk = new SDK({ wallet: weavedb.arweave, name: weavedb.weavedb.name, version: weavedb.weavedb.version, contractTxId: contractTxId, arweave: arweave[network], }) window.Buffer = Buffer set(true, "initWDB") return sdk } export const createTempAddressWithII = async ({ conf, set, val: { contractTxId }, }) => { const iiUrl = `http://localhost:8000/?canisterId=rwlgt-iiaaa-aaaaa-aaaaa-cai` console.log(iiUrl) const authClient = await AuthClient.create() await new Promise((resolve, reject) => { authClient.login({ identityProvider: iiU --- package/firebase/functions/package.json (excerpt) --- { "name": "functions", "description": "Cloud Functions for Firebase", "scripts": { "serve": "firebase emulators:start --only functions", "shell": "firebase functions:shell", "start": "npm run shell", "deploy": "firebase deploy --only functions", "logs": "firebase functions:log", "env:set": "firebase functions:config:set env=\"$(cat env.json)\"", "env:copy": "firebase functions:config:get > .runtimeconfig.json", "dev": "GOOGLE_APPLICATION_CREDENTIALS=\"../key.json\" firebase emulators:start --only functions" }, "engines": { "node": "10" }, "dependencies": { "firebase-admin": "^8.6.0", "firebase-functions": "^3.3.0", "firestore-sweet": "^0.4.9", "node-rsa": "^1.0.8", "ramda": "^0.27.0", "uuid": "^8.2.0" }, "devDependencies": { "firebase-functions-test": "^0.1.6" }, "bit": { "env": {}, "componentsDefaultDirectory": "nd/{name}", "packageManager": "npm" }, "private": true }
