// npm package
weavedb-exm-sdk-web
Web Client for WeaveDB on Execution Machine
weekly
19
monthly
77
versions
19
maintainers
1
license
MIT
first publish
2022-10-29
publisher
asteroiddao
tarball
978,913 B
AUTO-PUBLISHED·2 versions indexed·latest published 2026-05-26
// publisher campaignby asteroiddao
9 caught packages from this accountThis is not an isolated catch. The same publisher has shipped 8 other packages that our pipeline flagged — the shape of a coordinated campaign, not a one-off. Each link below opens that sibling's analysis.
// offending code· @0.7.4· no static-pattern hits
llm: benign · 0.85→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s), 1 other host(s).
- @0.7.4··AUTO-PUBLISHED·publisher: asteroiddaoheuristic 89/100static flags 0llm benign (0.85) via ollamainstall-scripts:preinstallnew-publisher:1dmature-packagehas-source-repopublisher-multi-name-burst:16publisher-version-pump:17osv-flagged:MAL-2026-4719
→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s), 1 other host(s).
// offending code· no static-pattern hits
--- install scripts --- ### preinstall ./bin/install-deps --- package.json (entry) --- { "name": "weavedb-exm-sdk-web", "version": "0.7.4", "description": "Web Client for WeaveDB on Execution Machine", "homepage": "https://weavedb.dev", "repository": { "type": "git", "url": "https://github.com/weavedb/weavedb" }, "main": "index.js", "license": "MIT", "engines": { "node": "16" }, "scripts": { "preinstall": "./bin/install-deps" }, "dependencies": { "arweave": "^1.11.4", "fpjson-lang": "^0.1.1", "isomorphic-fetch": "^3.0.0", "json-logic-js": "^2.0.2", "ramda": "^0.28.0", "weavedb-base": "^0.7.3" }, "devDependencies": { "esbuild": "^0.14.50", "rimraf": "^3.0.2" } } --- index.js (entry) --- const Base = require("weavedb-base") const { isNil, clone, keys } = require("ramda") let Arweave = require("arweave") Arweave = isNil(Arweave.default) ? Arweave : Arweave.default require("isomorphic-fetch") class SDK extends Base { constructor({ functionId }) { super() this.functionId = functionId this.arweave = Arweave.init() this.domain = { name: "weavedb", version: "1", verifyingContract: "exm" } } async request(func, ...query) { return this.viewState({ function: func, query, }) } async viewState(opt) { const tx = await this.send(opt) if ( isNil(tx.data.execution.result) || tx.data.execution.result.success !== true ) { throw new Error() } return tx.data.execution.result.result } async getNonce(addr) { return ( (await this.viewState({ function: "nonce", address: addr, })) + (isNil(this.endpoint) ? 1 : 0) ) } async getIdx(tx) { return await this.viewState({ function: "ids", tx, }) } async _request(func, param) { return await this.send(param) } async evolve(value, opt) { return this._write2("evolve", { value }, {
