// npm package
weavedb-sdk
A decentralized NoSQL database powered by Arweave.
versions
286
maintainers
1
license
MIT
first publish
2022-07-22
publisher
asteroiddao
tarball
38,431 B
AUTO-PUBLISHED·2 versions indexed·latest published 2026-05-27
// publisher campaignby asteroiddao
9 caught packages from this accountThis is not an isolated catch. The same publisher has shipped 8 other packages that our pipeline flagged — the shape of a coordinated campaign, not a one-off. Each link below opens that sibling's analysis.
// offending code· @0.45.4· no static-pattern hits
- @0.45.4··AUTO-PUBLISHED·publisher: asteroiddaoheuristic 75/100static flags 0llm skippedmature-packagehas-source-repoosv-flagged:MAL-2026-4723
// offending code· no static-pattern hits
--- package.json (entry) --- { "name": "weavedb-sdk", "version": "0.45.4", "description": "A decentralized NoSQL database powered by Arweave.", "homepage": "https://weavedb.dev", "repository": { "type": "git", "url": "https://github.com/weavedb/weavedb" }, "main": "index.js", "license": "MIT", "engines": { "node": ">=16.5" }, "dependencies": { "@lit-protocol/sdk-browser": "^1.3.3", "@metamask/legacy-web3": "^2.0.0", "@paralleldrive/cuid2": "^2.2.0", "arweave": "1.13.1", "buffer": "^6.0.3", "compare-versions": "^6.0.0-rc.1", "md5": "^2.3.0", "ramda": "^0.28.0", "warp-contracts": "^1.4.45", "warp-contracts-old": "npm:warp-contracts@1.2.26", "weavedb-base": "^0.45.2", "weavedb-contracts": "^0.45.1" }, "devDependencies": { "esbuild": "^0.14.50", "rimraf": "^3.0.2" } } --- index.js (entry) --- const { compareVersions } = require("compare-versions") const FetchOptionsPlugin = require("./warp-contracts-plugin-fetch-options") const { mergeLeft, reject, invertObj, uniq, map, drop, splitWhen, init, o, includes, append, equals, all, complement, isNil, pluck, is, last, tail, clone, } = require("ramda") const { WarpFactory, LoggerFactory, defaultCacheOptions, c, } = require("warp-contracts") const { WarpFactory: WarpFactory_old, LoggerFactory: LoggerFactory_old, defaultCacheOptions: defaultCacheOptions_old, } = require("warp-contracts-old") const { parseQuery } = require("weavedb-contracts/weavedb-bpt/lib/utils") const md5 = require("md5") const { createId } = require("@paralleldrive/cuid2") let states = {} let cachedStates = {} let timeouts = {} let dbs = {} let subs = {} let submap = {} let Arweave = require("arweave") Arweave = isNil(Arweave.default) ? Arweave : Arweave.default const Base = require("weavedb-base") const { handle: handle_bpt } = require("weavedb-contracts/weavedb-bpt/contract") const _on = async (state, input, handle) => { const block = input.interaction.block if (!isNil(state)) { states[input.co --- bundled output (OSV-MAL flagged — LLM scope expansion) --- --- warp-contracts-plugin-fetch-options.js (bundled) --- const { WarpPlugin } = require("warp-contracts") module.exports = class FetchOptionsPlugin { constructor(apiKey) { this.apiKey = apiKey } process(request) { const url = request.input let fetchOptions = {} if ( url == `https://d1o5nlqr4okus2.cloudfront.net/gateway/sequencer/register` ) { fetchOptions = { keepalive: true } } if (this.apiKey) { fetchOptions.headers = request.init.headers ?? {} fetchOptions.headers["x-api-key"] = this.apiKey } return fetchOptions } type() { return "fetch-options" } }
