// npm 패키지
@le-space/rootfs
Shared rootfs contract parsing, reference profile assets, and build helpers.
주간
295
월간
7,262
버전
60
메인테이너
1
라이선스
MIT
최초 publish
2026-05-16
publisher
nandiji
tarball
219,267 B
AUTO-PUBLISHED·1개 버전 인덱싱됨·최근 publish: 2026-06-06
// exfil path
what is read → where it shipssteals
- ● SSH keys
sends to
(no destination string extracted — payload may be dynamic / obfuscated)
evidence in excerpt
> import base64
> import urllib.error
> import urllib.parse
> import urllib.request
> DEFAULT_API_HOST = os.environ.get("ALEPH_BOOTSTRAP_API_HOST", "https://api2.aleph.im")// publisher 캠페인by nandiji
이 계정에서 catch된 패키지 2건고립된 catch가 아닙니다. 동일 publisher가 1개의 다른 패키지를 추가로 발행했고, 모두 파이프라인이 catch했습니다 — 일회성이 아닌 조직적 캠페인의 형태. 아래 링크는 각 형제 catch의 분석으로 이동합니다.
// offending code· @0.3.12· 3 files flagged
- @0.3.12··AUTO-PUBLISHED·publisher: nandijiheuristic 64/100static flags 6llm skippednew-publisher:16dmature-packagepublisher-multi-name-burst:6publisher-version-pump:26reads-env-varschild-process-spawnbase64-decodepy-urllib-requestpy-pip-install-runtimereads-ssh-keys
// offending code· 3 files flaggedpatterns: 6
--- package/reference/uc-go-peer/rootfs/uc-go-peer-autotls-refresh.py (excerpt) --- #!/usr/bin/env python3 import os import re import subprocess import time from typing import Iterable ENV_FILE = os.environ.get("ENV_FILE", "/etc/default/uc-go-peer") READY_FILE = os.environ.get("READY_FILE", "/etc/default/uc-go-peer.ready") AUTOTLS_READY_FILE = os.environ.get("AUTOTLS_READY_FILE", "/etc/default/uc-go-peer.autotls-ready") AUTOTLS_ZONE_FILE = os.environ.get("AUTOTLS_ZONE_FILE", "/etc/default/uc-go-peer.autotls-zone") AUTOTLS_HOSTS_FILE = os.environ.get("AUTOTLS_HOSTS_FILE", "/etc/default/uc-go-peer.autotls-hosts") SERVICE_NAME = os.environ.get("SERVICE_NAME", "uc-go-peer.service") WAIT_TIMEOUT_SECONDS = int(os.environ.get("AUTOTLS_WAIT_TIMEOUT_SECONDS", "900")) WAIT_INTERVAL_SECONDS = float(os.environ.get("AUTOTLS_WAIT_INTERVAL_SECONDS", "5")) WS_BACKEND_PORT = os.environ.get("WS_BACKEND_PORT", "9097").strip() def parse_env_file(path: str) -> dict[str, str]: values: dict[str, str] = {} if not os.path.exists(path): return values with open(path, encoding="utf-8") as handle: for line in handle: stripped = line.strip() if not stripped or stripped.startswith("#") or "=" not in stripped: continue key, value = stripped.split("=", 1) values[key.strip()] = value.strip() return values def write_env_var(path: str, key: str, value: str) -> None: lines: list[str] = [] replaced = False if os.path.exists(path): with open(path, encoding="utf-8") as handle --- package/reference/uc-go-peer/rootfs/uc-go-peer-bootstrap-refresh.py (excerpt) --- #!/usr/bin/env python3 import base64 import hashlib import ipaddress import json import os import subprocess import sys import time import urllib.error import urllib.parse import urllib.request try: from eth_account import Account from eth_account.messages import encode_defunct except ImportError as error: # pragma: no cover - runtime dependency raise SystemExit( "eth-account is required for guest-side bootstrap refresh publishing" ) from error ENV_FILE = os.environ.get("ENV_FILE", "/etc/default/uc-go-peer") DESCRIBE_SCRIPT = os.environ.get("DESCRIBE_SCRIPT", "/usr/local/sbin/uc-go-peer-describe.py") DEFAULT_API_HOST = os.environ.get("ALEPH_BOOTSTRAP_API_HOST", "https://api2.aleph.im") DEFAULT_CHANNEL = os.environ.get("ALEPH_BOOTSTRAP_CHANNEL", "simple-todo") DEFAULT_REF = os.environ.get("ALEPH_BOOTSTRAP_REF", "simple-todo-bootstrap") DEFAULT_POST_TYPE = os.environ.get("ALEPH_BOOTSTRAP_POST_TYPE", "relay-bootstrap") DEFAULT_PROFILE = os.environ.get("ALEPH_BOOTSTRAP_PROFILE", "uc-go-peer") MAX_PREVIOUS_PAGES = int(os.environ.get("ALEPH_BOOTSTRAP_MAX_PREVIOUS_PAGES", "5")) PAGINATION = int(os.environ.get("ALEPH_BOOTSTRAP_PAGINATION", "50")) def parse_env_file(path: str) -> dict[str, str]: values: dict[str, str] = {} if not os.path.exists(path): return values with open(path, encoding="utf-8") as handle: for line in handle: stripped = line.strip() if not stripped or stripped.startswith("#") or "=" --- package/reference/uc-go-peer/rootfs/uc-go-peer-bootstrap.sh (excerpt) --- #!/usr/bin/env bash set -euo pipefail set -x INSTALL_DIR="${INSTALL_DIR:-/opt/go-peer}" SERVICE_USER="${SERVICE_USER:-uc-go-peer}" DATA_DIR="${DATA_DIR:-/var/lib/uc-go-peer}" ENV_FILE="${ENV_FILE:-/etc/default/uc-go-peer}" READY_FILE="${READY_FILE:-/etc/default/uc-go-peer.ready}" AUTOTLS_READY_FILE="${AUTOTLS_READY_FILE:-/etc/default/uc-go-peer.autotls-ready}" AUTOTLS_ZONE_FILE="${AUTOTLS_ZONE_FILE:-/etc/default/uc-go-peer.autotls-zone}" AUTOTLS_HOSTS_FILE="${AUTOTLS_HOSTS_FILE:-/etc/default/uc-go-peer.autotls-hosts}" AUTOTLS_CADDY_READY_FILE="${AUTOTLS_CADDY_READY_FILE:-/etc/default/uc-go-peer.caddy-ready}" APP_BINARY="${APP_BINARY:-/usr/local/bin/universal-chat-go}" PHASE="${1:-all}" if [ ! -d "${INSTALL_DIR}" ]; then echo "Missing ${INSTALL_DIR}; the rootfs build did not create the relay support directory." exit 1 fi echo "[uc-go-peer-bootstrap] starting" echo "[uc-go-peer-bootstrap] support dir: ${INSTALL_DIR}" echo "[uc-go-peer-bootstrap] data dir: ${DATA_DIR}" echo "[uc-go-peer-bootstrap] env file: ${ENV_FILE}" echo "[uc-go-peer-bootstrap] app binary: ${APP_BINARY}" run_phase_base() { export DEBIAN_FRONTEND=noninteractive echo "[uc-go-peer-bootstrap] phase=base" echo "[uc-go-peer-bootstrap] running apt-get update" apt-get update echo "[uc-go-peer-bootstrap] installing base packages" apt-get install -y ca-certificates curl caddy python3-pip python3 -m pip install --break-system-packages --no-cache-dir eth-account rm -rf /var/lib/apt/lists/* } run
