
Research
/Security News
jscrambler npm Package Compromised in Supply Chain Attack
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.
@openclaw-china/shared
Advanced tools
本文说明如何在任意渠道插件中复用 @openclaw-china/shared 的语音转文本能力。
当前 QQ 渠道的腾讯云 ASR 仅支持国内网络下启用。
当前已提供:
asr/flash/v1)shared 负责:
ASRError 及子类)单个插件负责:
import {
transcribeTencentFlash,
ASRError,
ASRTimeoutError,
ASRAuthError,
ASRRequestError,
ASRResponseParseError,
ASRServiceError,
ASREmptyResultError,
} from "@openclaw-china/shared";
asr: {
enabled?: boolean;
appId?: string;
secretId?: string;
secretKey?: string;
}
Buffershared/media 的下载能力:import { fetchMediaFromUrl } from "@openclaw-china/shared";
const transcript = await transcribeTencentFlash({
audio: media.buffer,
config: {
appId: asr.appId,
secretId: asr.secretId,
secretKey: asr.secretKey,
// 可选,默认如下:
// engineType: "16k_zh",
// voiceFormat: "silk",
// timeoutMs: 30000,
},
});
try {
// transcribeTencentFlash(...)
} catch (err) {
if (err instanceof ASRError) {
logger.warn(
`asr failed kind=${err.kind} provider=${err.provider} retryable=${err.retryable} msg=${err.message}`
);
} else {
logger.warn(`asr failed: ${String(err)}`);
}
// 在这里决定是否回退文本、提示用户、或继续其他链路
}
ASRTimeoutError:请求超时,通常可重试ASRAuthError:鉴权失败(密钥错误/权限问题),通常不可重试ASRRequestError:请求失败(网络或 HTTP 失败)ASRResponseParseError:服务返回非 JSON 或格式异常ASRServiceError:服务端返回业务错误码(code != 0)ASREmptyResultError:识别成功但无文本shared。FAQs
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.

Research
/Security News
A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.