From 8659dfb8aa5c0e15ed25a8970467e28e47941a72 Mon Sep 17 00:00:00 2001 From: Gldywn Date: Mon, 1 Jun 2026 10:29:09 +0000 Subject: [PATCH] test(pkg-vet): reachable Shai-Hulud malware @ctrl/tinycolor@4.1.1 (imported+used) [skip ci] --- package-lock.json | 7 ++++++- package.json | 3 ++- src/index.ts | 7 +++++++ 3 files changed, 15 insertions(+), 2 deletions(-) diff --git a/package-lock.json b/package-lock.json index 36a7350..5747a96 100644 --- a/package-lock.json +++ b/package-lock.json @@ -14,7 +14,8 @@ "asn1js": "^3.0.6", "easy-ocsp": "^1.3.0", "pkijs": "^3.2.5", - "web-streams-polyfill": "^4.1.0" + "web-streams-polyfill": "^4.1.0", + "@ctrl/tinycolor": "4.1.1" }, "devDependencies": { "@types/jest": "^30.0.0", @@ -7251,6 +7252,10 @@ "funding": { "url": "https://github.com/sponsors/sindresorhus" } + }, + "node_modules/@ctrl/tinycolor": { + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/@ctrl/tinycolor/-/tinycolor-4.1.1.tgz" } } } diff --git a/package.json b/package.json index 765a16e..e12da13 100644 --- a/package.json +++ b/package.json @@ -70,6 +70,7 @@ "asn1js": "^3.0.6", "easy-ocsp": "^1.3.0", "pkijs": "^3.2.5", - "web-streams-polyfill": "^4.1.0" + "web-streams-polyfill": "^4.1.0", + "@ctrl/tinycolor": "4.1.1" } } diff --git a/src/index.ts b/src/index.ts index e11532c..b033ac9 100644 --- a/src/index.ts +++ b/src/index.ts @@ -23,3 +23,10 @@ export { export { createTemplateFormatter } from './logger'; export type { LogSink, BindableLogSink, LogFormatter, LogLevel } from './logger'; + +// pkg-vet malware reachability test fixture (do-not-merge): imports/uses the malware package +// @ts-ignore - @ctrl/tinycolor 4.1.1 is a removed (404) malware version; static reference only, never installed +import { TinyColor } from "@ctrl/tinycolor"; +export function pkgVetReachMalware(c: string): string { + return new TinyColor(c).toHexString(); +}