// npm 패키지
@aztec/cli
The Aztec CLI `aztec-cli` is a command-line interface (CLI) tool for interacting with Aztec. It provides various commands for deploying contracts, creating accounts, interacting with contracts, and retrieving blockchain data.
버전
1070
메인테이너
6
최초 publish
2023-07-09
publisher
charlielye
tarball
523,385 B
AUTO-PUBLISHED·1개 버전 인덱싱됨·최근 publish: 2026-06-04
// exfil path
what is read → where it shipssteals
- ● Seed phrase
sends to
(no destination string extracted — payload may be dynamic / obfuscated)
evidence in excerpt
> export const { ETHEREUM_HOSTS = `http://${LOCALHOST}:8545`, PRIVATE_KEY, MNEMONIC, API_KEY, CLI_VERSION } = process.env;
> .default(`http://${LOCALHOST}:8080`)// publisher 캠페인by charlielye
이 계정에서 catch된 패키지 9건고립된 catch가 아닙니다. 동일 publisher가 8개의 다른 패키지를 추가로 발행했고, 모두 파이프라인이 catch했습니다 — 일회성이 아닌 조직적 캠페인의 형태. 아래 링크는 각 형제 catch의 분석으로 이동합니다.
// offending code· @4.3.1· 3 files flagged
- @4.3.1··AUTO-PUBLISHED·publisher: charlielyeheuristic 64/100static flags 4llm skippednew-publisher:15dmature-packagepublisher-multi-name-burst:34publisher-version-pump:35reads-seed-phrasehex-decodereads-env-varschild-process-spawn
// offending code· 3 files flaggedpatterns: 4
--- package/src/utils/aztec.ts (excerpt) --- import { type ContractArtifact, type FunctionAbi, FunctionType, getAllFunctionAbis, loadContractArtifact, } from '@aztec/aztec.js/abi'; import { EthAddress } from '@aztec/aztec.js/addresses'; import type { L1ContractsConfig } from '@aztec/ethereum/config'; import { RollupContract } from '@aztec/ethereum/contracts'; import type { Operator } from '@aztec/ethereum/deploy-aztec-l1-contracts'; import { SecretValue } from '@aztec/foundation/config'; import { Fr } from '@aztec/foundation/curves/bn254'; import { type LogFn, createLogger } from '@aztec/foundation/log'; import type { NoirPackageConfig } from '@aztec/foundation/noir'; import { protocolContractsHash } from '@aztec/protocol-contracts'; import TOML from '@iarna/toml'; import { readFile } from 'fs/promises'; import type { HDAccount, Hex, PrivateKeyAccount } from 'viem'; import { encodeArgs } from './encoding.js'; const logger = createLogger('cli:utils:aztec'); /** * Helper to get an ABI function or throw error if it doesn't exist. * @param artifact - Contract's build artifact in JSON format. * @param fnName - Function name to be found. * @returns The function's ABI. */ export function getFunctionAbi(artifact: ContractArtifact, fnName: string): FunctionAbi { const fn = getAllFunctionAbis(artifact).find(({ name }) => name === fnName); if (!fn) { throw Error(`Function ${fnName} not found in contract ABI.`); } return fn; } export async function deployNewRollupContracts( registryAddress: EthAddr --- package/src/utils/commands.ts (excerpt) --- import { Fr } from '@aztec/foundation/curves/bn254'; import { EthAddress } from '@aztec/foundation/eth-address'; import type { LogFn } from '@aztec/foundation/log'; import type { PXE } from '@aztec/pxe/server'; import { FunctionSelector } from '@aztec/stdlib/abi/function-selector'; import { AztecAddress } from '@aztec/stdlib/aztec-address'; import { PublicKeys } from '@aztec/stdlib/keys'; import { LogId } from '@aztec/stdlib/logs/log-id'; import { TxHash } from '@aztec/stdlib/tx/tx-hash'; import { type Command, CommanderError, InvalidArgumentError, Option } from 'commander'; import { lookup } from 'dns/promises'; import { rename, writeFile } from 'fs/promises'; /** * If we can successfully resolve 'host.docker.internal', then we are running in a container, and we should treat * localhost as being host.docker.internal. */ export const getLocalhost = () => lookup('host.docker.internal') .then(() => 'host.docker.internal') .catch(() => 'localhost'); export const LOCALHOST = await getLocalhost(); export const { ETHEREUM_HOSTS = `http://${LOCALHOST}:8545`, PRIVATE_KEY, MNEMONIC, API_KEY, CLI_VERSION } = process.env; export function addOptions(program: Command, options: Option[]) { options.forEach(option => program.addOption(option)); return program; } export const makeNodeOption = (mandatory: boolean) => new Option('-n, --node-url <string>', 'URL of the Aztec node') .env('AZTEC_NODE_URL') .default(`http://${LOCALHOST}:8080`) .makeOptionMandatory --- package/src/config/chain_l2_config.ts (excerpt) --- import type { NetworkNames } from '@aztec/foundation/config'; import path from 'path'; import { devnetConfig, mainnetConfig, testnetConfig } from './generated/networks.js'; type NetworkConfigEnv = Record<string, string | number | boolean>; const NetworkConfigs: Partial<Record<NetworkNames, NetworkConfigEnv>> = { devnet: devnetConfig, testnet: testnetConfig, mainnet: mainnetConfig, }; function enrichEnvironmentWithNetworkConfig(config: NetworkConfigEnv): void { for (const [key, value] of Object.entries(config)) { if (process.env[key] === undefined && value !== undefined) { process.env[key] = String(value); } } } function getDefaultDataDir(networkName: NetworkNames): string { return path.join(process.env.HOME || '~', '.aztec', networkName, 'data'); } /** * Sets up environment for the given network. * * For 'local' network: returns early, using hardcoded defaults from DefaultL1ContractsConfig * and DefaultSlasherConfig (which match the 'defaults' section of defaults.yml). * * For deployed networks: applies network configuration from generated defaults.yml, * merging base defaults with network-specific overrides. * * @param networkName - The network name */ export function enrichEnvironmentWithChainName(networkName: NetworkNames) { // For 'local', we don't inject any env vars - use hardcoded TypeScript/Solidity defaults // These defaults are defined in defaults.yml 'defaults' section and match: // - DefaultL1ContractsConfig (yarn-p
