// npm 패키지
fca-eryxenx
Facebook Chat API - Modified by EryXenX | Stable, Auto Re-login, Fixed setMessageReaction
버전
9
메인테이너
1
라이선스
MIT
최초 publish
2026-03-13
publisher
eryxenx
tarball
554,107 B
AUTO-PUBLISHED·1개 버전 인덱싱됨·최근 publish: 2026-05-16
// exfil path
what is read → where it shipssteals
- ● Chromium logins
sends to
- ⤳ edge-chat.facebook.com(edge-chat.facebook.com (via hostname var))
// offending code· @6.0.0· 4 files flagged
llm: benign · 0.85→ 의심 전송지 없음, 원격 실행 형태 없음 — 2 other host(s).
- @6.0.0··AUTO-PUBLISHED·publisher: eryxenxheuristic 75/100static flags 6llm benign (0.85) via ollamanew-publisher:11dhas-source-repoosv-flagged:MAL-2026-4559public-github-pushreads-chromium-credsbase64-decodereads-env-varschild-process-spawndest-via-hostname-var
→ 의심 전송지 없음, 원격 실행 형태 없음 — 2 other host(s).
// offending code· 4 files flaggedpatterns: 6
--- package/package.json (excerpt) --- { "name": "fca-eryxenx", "version": "6.0.0", "description": "Facebook Chat API - Modified by EryXenX | Stable, Auto Re-login, Fixed setMessageReaction", "main": "index.js", "types": "index.d.ts", "exports": { ".": { "require": "./index.js", "default": "./index.js", "types": "./index.d.ts" } }, "files": [ "index.js", "index.d.ts", "module/", "func/", "src/", "DOCS.md", "README.md", "LICENSE", "CHANGELOG.md" ], "scripts": { "test": "mocha", "lint": "eslint ." }, "repository": { "type": "git", "url": "git+https://github.com/EryXenX/fca-eryxenx.git" }, "keywords": [ "facebook", "chat", "api", "messenger", "bot", "unofficial", "fca", "fca-eryxenx", "eryxenx" ], "author": { "name": "EryXenX", "url": "https://github.com/EryXenX" }, "contributors": [ { "name": "EryXenX", "url": "https://github.com/EryXenX" }, { "name": "DongDev (Original)", "url": "https://github.com/dongp06" } ], "license": "MIT", "bugs": { "url": "https://github.com/EryXenX/fca-eryxenx/issues" }, "homepage": "https://github.com/EryXenX/fca-eryxenx#readme", "engines": { "node": ">=12.0.0" }, "dependencies": { "axios": "^1.13.5", "axios-cookiejar-support": "^5.0.5", "bluebird": "^3.7.2", "chalk": "^4.1.2", "cheerio": "^1.0.0-rc.10", "duplexify": "^4.1.3", "gradient-string --- package/src/utils/client.js (excerpt) --- "use strict"; const { saveCookies, getAppState } = require("./cookies"); const { parseAndCheckLogin } = require("./loginParser"); module.exports = { saveCookies, getAppState, parseAndCheckLogin }; --- package/src/utils/cookies.js (excerpt) --- "use strict"; // Cookie helpers extracted from client.js function saveCookies(jar) { return res => { try { const setCookie = res?.headers?.["set-cookie"]; if (Array.isArray(setCookie) && setCookie.length) { const url = res?.request?.res?.responseUrl || (res?.config?.baseURL ? new URL(res.config.url || "/", res.config.baseURL).toString() : res?.config?.url || "https://www.facebook.com"); for (const c of setCookie) { try { jar.setCookieSync(c, url); } catch { // ignore per-cookie errors } } } } catch { // ignore unexpected cookie parsing errors } return res; }; } function getAppState(jar) { if (!jar || typeof jar.getCookiesSync !== "function") return []; const urls = ["https://www.facebook.com"]; const all = urls.flatMap(u => { try { return jar.getCookiesSync(u) || []; } catch { return []; } }); const seen = new Set(); const out = []; for (const c of all) { const key = c.key || c.name; if (!key) continue; const id = key + "|" + (c.domain || "") + "|" + (c.path || "/"); if (seen.has(id)) continue; seen.add(id); out.push({ key, value: c.value, domain: c.domain || ".facebook.com", path: c.path || "/", hostOnly: !!c.hostOnly, creation: c.creation || new Date(), lastAccessed: c.lastAccessed || new Date(), sec --- package/src/api/threads/getThreadList.js (excerpt) --- "use strict"; const log = require("../../../func/logAdapter"); const { parseAndCheckLogin } = require("../../utils/client"); const { formatID, getType } = require("../../utils/format"); function createProfileUrl(url, username, id) { if (url) return url; return ( "https://www.facebook.com/" + (username || formatID(id.toString())) ); } function formatParticipants(participants) { return participants.edges.map(p => { p = p.node.messaging_actor; switch (p["__typename"]) { case "User": return { accountType: p["__typename"], userID: formatID(p.id.toString()), // do we need .toString()? when it is not a string? name: p.name, shortName: p.short_name, gender: p.gender, url: p.url, // how about making it profileURL profilePicture: p.big_image_src.uri, username: p.username || null, // TODO: maybe better names for these? isViewerFriend: p.is_viewer_friend, // true/false isMessengerUser: p.is_messenger_user, // true/false isVerified: p.is_verified, // true/false isMessageBlockedByViewer: p.is_message_blocked_by_viewer, // true/false isViewerCoworker: p.is_viewer_coworker, // true/false isEmployee: p.is_employee // null? when it is something other? can someone check? }; case "Page": return { accountType: p["__typename"], userID: formatID(p.id.toString()), // or maybe --- dynamic destinations --- → edge-chat.facebook.com (via hostname-var)
