// npm 패키지
@drax/identity-back
Identity module for user management, authentication and authorization.
버전
178
메인테이너
2
라이선스
ISC
최초 publish
2024-05-09
publisher
cincarnato
tarball
919,903 B
AUTO-PUBLISHED·1개 버전 인덱싱됨·최근 publish: 2026-06-05
// exfil path
what is read → where it ships
steals
- ● Azure creds
sends to
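(no destination string extracted — payload may be dynamic / obfuscated). Without a destination, this finding establishes only that credential-like values are read, not that they leave the host; confirm a network sink in the full tarball before treating it as exfiltration.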
→ view full payload
// offending code · @3.51.0 · 2 files flagged
- @3.51.0 · AUTO-PUBLISHED · publisher: cincarnato · heuristic 64/100 · static flags 2 · llm skipped · new-publisher:15d · mature-package · publisher-multi-name-burst:6 · publisher-version-pump:7 · reads-env-vars · reads-azure-creds
// offending code · 2 files flagged · patterns: 2
--- package/src/setup/LoadIdentityConfigFromEnv.ts (excerpt) ---
import {DraxConfig} from "@drax/common-back";
import IdentityConfig from "../config/IdentityConfig.js";
import PasswordPolicyConfig from "../config/PasswordPolicyConfig.js";

/**
 * Copies identity and password-policy settings from process.env into DraxConfig.
 *
 * Each statement uses the same constant both as the DraxConfig key and as the
 * environment-variable name, and passes the raw value straight to DraxConfig.set.
 *
 * Review notes, limited to the statements visible in this excerpt:
 * - The only sink is DraxConfig.set; no network, file-write or child-process call
 *   appears here, and no Azure-specific identifier appears either.
 * - There is no presence or format check, so an unset variable reaches
 *   DraxConfig.set as undefined. Whether DraxConfig rejects that is not visible.
 */
function LoadIdentityConfigFromEnv() {
    // JwtSecret and ApiKeySecret are, by name, signing secrets — presumably the reads
    // a credential/env-var heuristic matches on; confirm against the scanner rule.
    DraxConfig.set(IdentityConfig.JwtSecret, process.env[IdentityConfig.JwtSecret])
    DraxConfig.set(IdentityConfig.JwtExpiration, process.env[IdentityConfig.JwtExpiration])
    DraxConfig.set(IdentityConfig.JwtIssuer, process.env[IdentityConfig.JwtIssuer])
    DraxConfig.set(IdentityConfig.ApiKeySecret, process.env[IdentityConfig.ApiKeySecret])
    DraxConfig.set(IdentityConfig.RbacCacheTTL, process.env[IdentityConfig.RbacCacheTTL])
    DraxConfig.set(IdentityConfig.AvatarDir, process.env[IdentityConfig.AvatarDir])
    // Password-policy settings: same key-equals-env-name pattern as above.
    DraxConfig.set(PasswordPolicyConfig.MinLength, process.env[PasswordPolicyConfig.MinLength])
    DraxConfig.set(PasswordPolicyConfig.MaxLength, process.env[PasswordPolicyConfig.MaxLength])
    DraxConfig.set(PasswordPolicyConfig.RequireUppercase, process.env[PasswordPolicyConfig.RequireUppercase])
    DraxConfig.set(PasswordPolicyConfig.RequireLowercase, process.env[PasswordPolicyConfig.RequireLowercase])
    DraxConfig.set(PasswordPolicyConfig.RequireNumber, process.env[PasswordPolicyConfig.RequireNumber])
    DraxConfig.set(PasswordPolicyConfig.RequireSpecialChar, process.env[PasswordPolicyConfig.RequireSpecialChar])
    DraxConfig.set(PasswordPolicyConfig.AllowedSpecialChars, process.env[PasswordPolicyConfig.AllowedSpecialChars])
    // The report page cuts the excerpt off mid-statement here; the rest of the function is not shown.
    DraxConfi
--- package/src/services/UserEmailService.ts (excerpt) ---
import {EmailTransportConfig, EmailLayoutServiceFactory, EmailTransportServiceFactory} from "@drax/email-back"
import {CommonConfig, DraxConfig} from "@drax/common-back";
import type {SendMailOptions} from "nodemailer";

class UserEmailService {
    /**
     * Sends an email-verification message to `emailTo`.
     *
     * The HTML body holds a link built from the configured base URL and `emailCode`.
     * The sender address is the EmailTransportConfig.authUsername config value.
     * In the visible code the message carries only baseurl, emailCode and that sender
     * address; no environment variable is read and no other secret is placed in it.
     *
     * @param emailCode verification code appended to the /api/users/verify-email/ path
     * @param emailTo recipient address, passed unchanged as the `to` field
     */
    static async emailVerifyCode(emailCode: string, emailTo:string){
        let emailLayout = EmailLayoutServiceFactory.instance
        let baseurl = DraxConfig.getOrLoad(CommonConfig.BaseUrl)
        // NOTE(review): baseurl and emailCode are interpolated into the href without URL
        // encoding or HTML escaping. This assumes emailCode is a server-generated,
        // URL-safe token — TODO confirm at the call site. The link host comes entirely
        // from CommonConfig.BaseUrl, so confirm it is set only from trusted deployment config.
        let body = ` 
<h2 style="font-size: 22px; color: #333333; font-weight: 600; margin: 0 0 10px 0;"> Verificación de Email </h2> <p style="font-size: 16px; line-height: 1.6; color: #555555; margin: 0 0 15px 0;"> Para confirmar tu email, haz clic en el siguiente enlace: </p> <a href="${baseurl}/api/users/verify-email/${emailCode}" style="color: #333333; text-decoration: none; border: 1px solid #333333; padding: 10px 20px; text-align: center; text-decoration: none; display: inline-block;">Verificar Email</a> `
        const emailFrom = DraxConfig.getOrLoad(EmailTransportConfig.authUsername)
        const emailOptions : SendMailOptions = {
            subject: "Verificación de Email",
            from: emailFrom,
            to: emailTo,
            // The fragment is wrapped by the layout service before sending.
            html: emailLayout.html(body)
        }
        await EmailTransportServiceFactory.instance.sendEmail(emailOptions)
    }
    // The report page cuts the excerpt off inside this method; its body is not shown.
    static async recoveryCode(recoveryCode: string, emailTo:string){
        let emailLayout = E
