// npm package
weavedb-lite
versions
2
maintainers
1
first publish
2025-01-27
publisher
asteroiddao
tarball
3,110,720 B
AUTO-PUBLISHED·2 versions indexed·latest published 2026-05-26
// publisher campaignby asteroiddao
9 caught packages from this accountThis is not an isolated catch. The same publisher has shipped 8 other packages that our pipeline flagged — the shape of a coordinated campaign, not a one-off. Each link below opens that sibling's analysis.
// offending code· @0.1.1· 3 files flagged
llm: benign · 0.85→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).
- @0.1.1··AUTO-PUBLISHED·publisher: asteroiddaoheuristic 89/100static flags 2llm benign (0.85) via ollamainstall-scripts:preinstallnew-publisher:1dpublisher-multi-name-burst:16publisher-version-pump:17osv-flagged:MAL-2026-4720long-base64-literalbase64-decode
→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).
// NHI intent16 targets·mixed harvest patterns·gate: always - AWS credentials fileaws-credentials-file
./src/deps.ts
