// npm 패키지
@opensearch-project/opensearch
The official OpenSearch client for Node.js
버전
37
메인테이너
3
라이선스
Apache-2.0
최초 publish
2021-09-30
publisher
GitHub Actions
tarball
2,225,819 B
AUTO-PUBLISHED·1개 버전 인덱싱됨·최근 publish: 2026-04-27
// exfil path
what is read → where it ships
steals
- ○ home dir
- ○ system info
sends to
(no destination string extracted — payload may be dynamic / obfuscated)
evidence in excerpt
> "homepage": "https://www.opensearch.org/", > * http://www.apache.org/licenses/LICENSE-2.0 > * http://www.apache.org/licenses/LICENSE-2.0
// publisher 캠페인 · by GitHub Actions
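이 계정에서 catch된 패키지 9건
고립된 catch가 아닙니다. 동일 publisher가 8개의 다른 패키지를 추가로 발행했고, 모두 파이프라인이 catch했습니다 — 일회성이 아닌 조직적 캠페인의 형태. 단, 여기서 publisher로 표시된 "GitHub Actions"는 CI 워크플로를 통한 publish를 가리키는 표기일 수 있으므로, 동일 publisher라는 사실만으로 동일 행위자라고 단정하기 전에 각 패키지의 소스 저장소와 메인테이너를 확인해야 합니다. 아래 링크는 각 형제 catch의 분석으로 이동합니다.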
// offending code· @3.6.0· 3 files flagged
llm: benign · 0.85 → 의심 전송지 없음, 원격 실행 형태 없음 — 3 other host(s).
- @3.6.0 · AUTO-PUBLISHED · publisher: GitHub Actions · heuristic 75/100 · static flags 5 · llm benign (0.85) via ollama · mature-package · has-source-repo · osv-flagged:MAL-2026-3434 · public-github-push · reads-env-vars · base64-decode · reads-homedir · reads-system-info
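→ 의심 전송지 없음, 원격 실행 형태 없음 — 3 other host(s). 이 llm 판정(benign 0.85)은 같은 버전에 붙은 osv-flagged:MAL-2026-3434 태그와 상충하므로, 설치·업그레이드 전에 해당 OSV 항목과 publish된 tarball 내용을 직접 대조해야 합니다.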
// offending code · 3 files flagged · patterns: 5
--- package/package.json (excerpt) --- { "name": "@opensearch-project/opensearch", "description": "The official OpenSearch client for Node.js", "main": "index.js", "types": "index.d.ts", "exports": { ".": { "require": "./index.js", "types": "./index.d.ts", "import": "./index.mjs" }, "./aws": "./lib/aws/index.js", "./aws-v3": "./lib/aws/index-v3.js", "./*": "./*" }, "typesVersions": { "*": { ".": [ "index.d.ts" ], "aws": [ "./lib/aws/index.d.ts" ], "aws-v3": [ "./lib/aws/index-v3.d.ts" ] } }, "files": [ "api/", "lib/", "index.d.ts", "index.js", "index.mjs", "README.md", "LICENSE.txt" ], "homepage": "https://www.opensearch.org/", "version": "3.6.0", "versionCanary": "7.10.0-canary.6", "keywords": [ "opensearch", "opensearchDashboards", "mapping", "REST", "search", "client", "index" ], "scripts": { "test": "npm run lint && tap test/{unit,acceptance}/{*,**/*,**/**/*}.test.js && npm run test:types", "test:unit": "tap test/unit/{*,**/*,**/**/*}.test.js", "test:acceptance": "tap test/acceptance/*.test.js", "test:integration": "node test/integration/index.js", "test:integration:helpers": "tap test/integration/helpers/*.test.js", "test:integration:helpers-secure": "tap test/integration/helpers-secure/*.test.js", "test:types": "tsd", "test:coverage-90": "tap test/{unit,acceptance}/{*,**/*,**/**/*}.test --- package/lib/Client.js (excerpt) --- /* * Copyright OpenSearch Contributors * SPDX-License-Identifier: Apache-2.0 * * The OpenSearch Contributors require contributions made to * this file be licensed under the Apache-2.0 license or a * compatible open source license. * */ /* * Licensed to Elasticsearch B.V. under one or more contributor * license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright * ownership. Elasticsearch B.V. licenses this file to you under * the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. 
* You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ 'use strict'; const { EventEmitter } = require('events'); const { URL } = require('url'); const debug = require('debug')('opensearch'); const Transport = require('./Transport'); const Connection = require('./Connection'); const { ConnectionPool, CloudConnectionPool } = require('./pool'); const Helpers = require('./Helpers'); const Serializer = require('./Serializer'); const errors = require('./errors'); const { ConfigurationError } = errors; const { --- package/lib/Transport.js (excerpt) --- /* * Copyright OpenSearch Contributors * SPDX-License-Identifier: Apache-2.0 * * The OpenSearch Contributors require contributions made to * this file be licensed under the Apache-2.0 license or a * compatible open source license. * */ /* * Licensed to Elasticsearch B.V. under one or more contributor * license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright * ownership. Elasticsearch B.V. licenses this file to you under * the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. 
*/ 'use strict'; const debug = require('debug')('opensearch'); const os = require('os'); const { gzip, unzip, createGzip } = require('zlib'); const buffer = require('buffer'); const ms = require('ms'); const { EventEmitter } = require('events'); const { ConnectionError, RequestAbortedError, NoLivingConnectionsError, ResponseError, ConfigurationError, } = require('./errors'); const noop = () => {}; const compatibleCheckEmitter = new EventEmit
