// npm 패키지
@pipedream/faunadb
Pipedream Faunadb Components
주간
2
월간
29
버전
9
메인테이너
8
최초 publish
2021-01-07
publisher
adolfo-pd
tarball
19,922 B
AUTO-PUBLISHED·1개 버전 인덱싱됨·최근 publish: 2026-05-29
// exfil path
what is read → where it shipssteals
- ● npm token
sends to
(no destination string extracted — payload may be dynamic / obfuscated)
evidence in excerpt
> import { axios } from "@pipedream/platform";
> return "https://graphql.fauna.com";
> return axios($ ?? this, {// publisher 캠페인by adolfo-pd
이 계정에서 catch된 패키지 9건고립된 catch가 아닙니다. 동일 publisher가 8개의 다른 패키지를 추가로 발행했고, 모두 파이프라인이 catch했습니다 — 일회성이 아닌 조직적 캠페인의 형태. 아래 링크는 각 형제 catch의 분석으로 이동합니다.
// offending code· @0.4.0· 1 file flagged
llm: benign · 0.85→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s), 1 other host(s).
- @0.4.0··AUTO-PUBLISHED·publisher: adolfo-pdheuristic 99/100static flags 1llm benign (0.85) via ollamanew-publisher:10drecent-owner-changepublisher-multi-name-burst:127publisher-version-pump:128dormant-takeover:prev=casret@0.3.8reads-npmrc
→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s), 1 other host(s).
// offending code· 1 file flaggedpatterns: 1
--- package/faunadb.app.mjs (excerpt) --- import { axios } from "@pipedream/platform"; import faunadb from "faunadb"; const Client = faunadb.Client; const { Paginate, Map, Lambda, Get, Var, Collection, Collections, Documents, } = faunadb.query; export default { type: "app", app: "faunadb", propDefinitions: { collections: { type: "string", label: "Collection", description: "The ID of a collection", async options() { const collections = await this.getCollections(); return collections.map((collection) => collection.id); }, }, }, methods: { _authToken() { return this.$auth.secret; }, _apiUrl() { return "https://graphql.fauna.com"; }, _headers() { return { "Authorization": `Bearer ${this._authToken()}`, }; }, async _makeRequest(path, options = {}, $ = undefined) { return axios($ ?? this, { url: `${this._apiUrl()}/${path}`, headers: this._headers(), ...options, }); }, _createApiClient() { return new Client({ secret: this._authToken(), }); }, async getCollections() { const client = this._createApiClient(); const collections = []; const collectionsPaginator = client.paginate(Collections()); await collectionsPaginator.each((page) => { collections.push(...page); }); await client.close(); return collections; }, async getDocumentsInCollection({ collect
