// npm 패키지
@aztec/aztec
Aztec is a package that allows for a simple development environment on Aztec stack. It creates a Private eXecution Environment (PXE) that listens for HTTP requests on `localhost:8080` by default. When started, it deploys all necessary L1 Aztec contracts a
버전
981
메인테이너
6
최초 publish
2025-02-07
publisher
charlielye
tarball
361,913 B
AUTO-PUBLISHED·1개 버전 인덱싱됨·최근 publish: 2026-06-04
// exfil path
what is read → where it shipssteals
- ● Seed phrase
sends to
(no destination string extracted — payload may be dynamic / obfuscated)
→ view full payload// publisher 캠페인by charlielye
이 계정에서 catch된 패키지 9건고립된 catch가 아닙니다. 동일 publisher가 8개의 다른 패키지를 추가로 발행했고, 모두 파이프라인이 catch했습니다 — 일회성이 아닌 조직적 캠페인의 형태. 아래 링크는 각 형제 catch의 분석으로 이동합니다.
// offending code· @4.3.1· 3 files flagged
- @4.3.1··AUTO-PUBLISHED·publisher: charlielyeheuristic 64/100static flags 4llm skippednew-publisher:15dmature-packagepublisher-multi-name-burst:34publisher-version-pump:35reads-seed-phrasehex-decodereads-env-varschild-process-spawn
// offending code· 3 files flaggedpatterns: 4
--- package/src/local-network/local-network.ts (excerpt) --- #!/usr/bin/env -S node --no-warnings import { getInitialTestAccountsData } from '@aztec/accounts/testing'; import { AztecNodeService } from '@aztec/aztec-node'; import { type AztecNodeConfig, getConfigEnvVars } from '@aztec/aztec-node/config'; import { Fr } from '@aztec/aztec.js/fields'; import { createLogger } from '@aztec/aztec.js/log'; import { type BlobClientInterface, createBlobClient } from '@aztec/blob-client/client'; import { GENESIS_ARCHIVE_ROOT } from '@aztec/constants'; import { createEthereumChain } from '@aztec/ethereum/chain'; import { waitForPublicClient } from '@aztec/ethereum/client'; import { getL1ContractsConfigEnvVars } from '@aztec/ethereum/config'; import { NULL_KEY } from '@aztec/ethereum/constants'; import { deployAztecL1Contracts } from '@aztec/ethereum/deploy-aztec-l1-contracts'; import { EthCheatCodes } from '@aztec/ethereum/test'; import { SecretValue } from '@aztec/foundation/config'; import { EthAddress } from '@aztec/foundation/eth-address'; import type { LogFn } from '@aztec/foundation/log'; import { DateProvider, TestDateProvider } from '@aztec/foundation/timer'; import { getVKTreeRoot } from '@aztec/noir-protocol-circuits-types/vk-tree'; import { protocolContractsHash } from '@aztec/protocol-contracts'; import { SequencerState } from '@aztec/sequencer-client'; import { AztecAddress } from '@aztec/stdlib/aztec-address'; import type { ProvingJobBroker } from '@aztec/stdlib/interfaces/server'; import type { PublicDataTreeLeaf } from '@aztec/stdl --- package/src/cli/admin_api_key_store.ts (excerpt) --- import { randomBytes } from '@aztec/foundation/crypto/random'; import { sha256Hash } from '@aztec/foundation/json-rpc/server'; import type { Logger } from '@aztec/foundation/log'; import { promises as fs } from 'fs'; import { join } from 'path'; /** Subdirectory under dataDirectory for admin API key storage. */ const ADMIN_STORE_DIR = 'admin'; const HASH_FILE_NAME = 'api_key_hash'; /** * Result of resolving the admin API key. * Contains the SHA-256 hex hash of the API key to be used by the auth middleware, * and optionally the raw key when newly generated (so the caller can display it). */ export interface AdminApiKeyResolution { /** The SHA-256 hash of the API key. */ apiKeyHash: Buffer; /** * The raw API key, only present when a new key was generated during this call. * The caller MUST display this to the operator — it will not be stored or returned again. */ rawKey?: string; } export interface ResolveAdminApiKeyOptions { /** SHA-256 hex hash of a pre-generated API key. When set, the node uses this hash directly. */ adminApiKeyHash?: string; /** If true, disable admin API key auth entirely. */ disableAdminApiKey?: boolean; /** If true, force-generate a new key even if one is already persisted. */ resetAdminApiKey?: boolean; /** Root data directory for persistent storage. */ dataDirectory?: string; } /** * Resolves the admin API key for the admin RPC endpoint. * * Strategy: * 1. If opt-out flag is set (`disableAdminApiKey`), retu --- package/src/cli/aztec_start_options.ts (excerpt) --- import { type ArchiverConfig, archiverConfigMappings } from '@aztec/archiver/config'; import { blobClientConfigMapping } from '@aztec/blob-client/client/config'; import { botConfigMappings } from '@aztec/bot/config'; import { l1ContractsConfigMappings } from '@aztec/ethereum/config'; import { l1ContractAddressesMapping } from '@aztec/ethereum/l1-contract-addresses'; import { l1ReaderConfigMappings } from '@aztec/ethereum/l1-reader'; import { getKeys } from '@aztec/foundation/collection'; import { type ConfigMapping, type EnvVar, booleanConfigHelper, isBooleanConfigValue, omitConfigMappings, } from '@aztec/foundation/config'; import { dataConfigMappings } from '@aztec/kv-store/config'; import { sharedNodeConfigMappings } from '@aztec/node-lib/config'; import { bootnodeConfigMappings, p2pConfigMappings } from '@aztec/p2p/config'; import { proverAgentConfigMappings, proverBrokerConfigMappings } from '@aztec/prover-client/broker/config'; import { proverNodeConfigMappings } from '@aztec/prover-node/config'; import { allPxeConfigMappings } from '@aztec/pxe/config'; import { sequencerClientConfigMappings } from '@aztec/sequencer-client/config'; import { chainConfigMappings, nodeRpcConfigMappings } from '@aztec/stdlib/config'; import { telemetryClientConfigMappings } from '@aztec/telemetry-client/config'; import { worldStateConfigMappings } from '@aztec/world-state/config'; import { DefaultMnemonic } from '../mnemonic.js'; // Define an interface for options export interfa
