// npm 패키지
@le-space/node
Node and GitHub Actions adapters for shared Aleph tooling.
주간
268
월간
7,147
버전
63
메인테이너
1
라이선스
MIT
최초 publish
2026-05-15
publisher
nandiji
tarball
783,688 B
AUTO-PUBLISHED·1개 버전 인덱싱됨·최근 publish: 2026-06-06
// exfil path
what is read → where it ships
steals
- ● SSH keys
sends to
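(no destination string extracted — payload may be dynamic / obfuscated)
Note: the evidence lines below do show a default API host, https://api2.aleph.im, which can be overridden through the ALEPH_BOOTSTRAP_API_HOST environment variable, but they do not establish what is sent to it. Neither the evidence lines nor the truncated file excerpts on this page contain an SSH key path, so the reads-ssh-keys flag has to be confirmed against the full tarball.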
evidence in excerpt
> import base64
> import urllib.error
> import urllib.parse
> import urllib.request
> DEFAULT_API_HOST = os.environ.get("ALEPH_BOOTSTRAP_API_HOST", "https://api2.aleph.im")
// publisher 캠페인
by nandiji
이 계정에서 catch된 패키지 2건
고립된 catch가 아닙니다. 동일 publisher가 1개의 다른 패키지를 추가로 발행했고, 모두 파이프라인이 catch했습니다 — 일회성이 아닌 조직적 캠페인의 형태. 아래 링크는 각 형제 catch의 분석으로 이동합니다.
// offending code· @0.3.12· 3 files flagged
- @0.3.12 · AUTO-PUBLISHED · publisher: nandiji
heuristic 89/100 · static flags 6 · llm skipped
tarball-size-jump:4x new-publisher:16d mature-package publisher-multi-name-burst:6 publisher-version-pump:22 reads-env-vars child-process-spawn base64-decode py-urllib-request py-pip-install-runtime reads-ssh-keys
// offending code · 3 files flagged · patterns: 6
--- package/index.js (excerpt) --- import { booleanEnv, integerEnv, jsonEnv, optionalEnv, requiredEnv } from "./chunk-D2FD27VA.js"; import "./chunk-4VNS5WPM.js"; // src/github-outputs.ts import { appendFile } from "fs/promises"; import { randomUUID } from "crypto"; async function appendGithubOutput(name, value, env = process.env) { const outputFile = env.GITHUB_OUTPUT; if (!outputFile) return; const normalized = String(value ?? ""); if (/\r|\n/.test(normalized)) { const marker = `__ALEPH_OUTPUT_${randomUUID()}__`; await appendFile(outputFile, `${name}<<${marker} ${normalized} ${marker} `); return; } await appendFile(outputFile, `${name}=${normalized} `); } async function appendGithubSummary(lines, env = process.env) { const summaryFile = env.GITHUB_STEP_SUMMARY; if (!summaryFile) return; await appendFile(summaryFile, `${lines.join("\n")} `); } function actionLog(level, message, options = {}) { const normalizedLevel = ["notice", "warning", "error"].includes(level) ? level : "notice"; const escaped = String(message).replace(/\r?\n/g, "%0A"); const stderr = options.stderr ?? process.stderr; const githubActions = options.githubActions ?? 
process.env.GITHUB_ACTIONS === "true"; if (githubActions) { stderr.write(`::${normalizedLevel}::${escaped} `); } stderr.write(`${message} `); } // src/signer.ts function ensureWalletAddress(wallet) { if (typeof wallet.address === "string" && wallet.address.trim()) return wallet.address; if (typeof wallet.getAddress == --- package/reference/uc-go-peer/rootfs/uc-go-peer-autotls-refresh.py (excerpt) --- #!/usr/bin/env python3 import os import re import subprocess import time from typing import Iterable ENV_FILE = os.environ.get("ENV_FILE", "/etc/default/uc-go-peer") READY_FILE = os.environ.get("READY_FILE", "/etc/default/uc-go-peer.ready") AUTOTLS_READY_FILE = os.environ.get("AUTOTLS_READY_FILE", "/etc/default/uc-go-peer.autotls-ready") AUTOTLS_ZONE_FILE = os.environ.get("AUTOTLS_ZONE_FILE", "/etc/default/uc-go-peer.autotls-zone") AUTOTLS_HOSTS_FILE = os.environ.get("AUTOTLS_HOSTS_FILE", "/etc/default/uc-go-peer.autotls-hosts") SERVICE_NAME = os.environ.get("SERVICE_NAME", "uc-go-peer.service") WAIT_TIMEOUT_SECONDS = int(os.environ.get("AUTOTLS_WAIT_TIMEOUT_SECONDS", "900")) WAIT_INTERVAL_SECONDS = float(os.environ.get("AUTOTLS_WAIT_INTERVAL_SECONDS", "5")) WS_BACKEND_PORT = os.environ.get("WS_BACKEND_PORT", "9097").strip() def parse_env_file(path: str) -> dict[str, str]: values: dict[str, str] = {} if not os.path.exists(path): return values with open(path, encoding="utf-8") as handle: for line in handle: stripped = line.strip() if not stripped or stripped.startswith("#") or "=" not in stripped: continue key, value = stripped.split("=", 1) values[key.strip()] = value.strip() return values def write_env_var(path: str, key: str, value: str) -> None: lines: list[str] = [] replaced = False if os.path.exists(path): with open(path, encoding="utf-8") as handle --- package/reference/uc-go-peer/rootfs/uc-go-peer-bootstrap-refresh.py (excerpt) --- #!/usr/bin/env python3 import base64 import hashlib import ipaddress import json import os import subprocess import sys import time 
import urllib.error import urllib.parse import urllib.request try: from eth_account import Account from eth_account.messages import encode_defunct except ImportError as error: # pragma: no cover - runtime dependency raise SystemExit( "eth-account is required for guest-side bootstrap refresh publishing" ) from error ENV_FILE = os.environ.get("ENV_FILE", "/etc/default/uc-go-peer") DESCRIBE_SCRIPT = os.environ.get("DESCRIBE_SCRIPT", "/usr/local/sbin/uc-go-peer-describe.py") DEFAULT_API_HOST = os.environ.get("ALEPH_BOOTSTRAP_API_HOST", "https://api2.aleph.im") DEFAULT_CHANNEL = os.environ.get("ALEPH_BOOTSTRAP_CHANNEL", "simple-todo") DEFAULT_REF = os.environ.get("ALEPH_BOOTSTRAP_REF", "simple-todo-bootstrap") DEFAULT_POST_TYPE = os.environ.get("ALEPH_BOOTSTRAP_POST_TYPE", "relay-bootstrap") DEFAULT_PROFILE = os.environ.get("ALEPH_BOOTSTRAP_PROFILE", "uc-go-peer") MAX_PREVIOUS_PAGES = int(os.environ.get("ALEPH_BOOTSTRAP_MAX_PREVIOUS_PAGES", "5")) PAGINATION = int(os.environ.get("ALEPH_BOOTSTRAP_PAGINATION", "50")) def parse_env_file(path: str) -> dict[str, str]: values: dict[str, str] = {} if not os.path.exists(path): return values with open(path, encoding="utf-8") as handle: for line in handle: stripped = line.strip() if not stripped or stripped.startswith("#") or "="
