All @asyncapi/generator-helpers versions
@asyncapi/generator-helpers @1.1.1
Package with reusable helpers that make it easier to work with AsyncAPI structures.
Maintainers
Dev Dependencies (1)
| Package | Constraint | Registry Status |
|---|---|---|
| jest | ^28.1.3 | auto_approved |
Changes from v1.1.0
No metadata changes detected.
File Changes
Risk Dispositions (3 applicable to this version, 0 other)
Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.
| Rule | Source | Disposition | Author | Reason | |
|---|---|---|---|---|---|
encoded-string-file:src/utils.js |
source-diff | reject | AI | AI (source-diff): Injected javascript-obfuscator payload in src/utils.js spawns a detached hidden child process at load; malicious. | |
semgrep:obfuscation-while-true |
semgrep | reject | AI | AI (semgrep): while(!![]) is the obfuscator preamble wrapping the injected backdoor in src/utils.js. | |
semgrep:obfuscation-hex-functions |
semgrep | reject | AI | AI (semgrep): _0x hex functions are the obfuscated injected dropper; not present in legit upstream helpers. |
SAST Findings (5)
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads. Artifact: obfuscated (_0x-array) — true obfuscation signature.
while(!![]) loop is a signature of javascript-obfuscator output Source: https://github.com/asyncapi/generator/blob/3eab3ec9304aa26081358330491d3cfeb55cc245/src/utils.js#L77 75 | .join('_'); 76 | }; > 77 | 78 | const toCamelCase = (inputStr) => { 79 | return inputStr
Hex-prefixed function names (_0x...) are generated by javascript-obfuscator Source: https://github.com/asyncapi/generator/blob/3eab3ec9304aa26081358330491d3cfeb55cc245/src/utils.js#L77 75 | .join('_'); 76 | }; > 77 | 78 | const toCamelCase = (inputStr) => { 79 | return inputStr
Hex-prefixed function names (_0x...) are generated by javascript-obfuscator Source: https://github.com/asyncapi/generator/blob/3eab3ec9304aa26081358330491d3cfeb55cc245/src/utils.js#L77 75 | .join('_'); 76 | }; > 77 | 78 | const toCamelCase = (inputStr) => { 79 | return inputStr
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
Review Summary
Risk score: 100 (capped from 130). Findings: 4 high (+100), 3 medium (+30), 2 info (+0).
Commit: 3eab3ec9304a Browse source
Published to npm: