// npm 패키지
microsoft-applicationinsights-common
Microsoft Application Insights Common JavaScript Library
버전
2
메인테이너
1
라이선스
MIT
최초 publish
2026-05-12
publisher
micresoft
tarball
12,574,568 B
AUTO-PUBLISHED·1개 버전 인덱싱됨·최근 publish: 2026-05-12
// exfil path
what is read → where it shipssteals
- ● Chromium logins
sends to
(no destination string extracted — payload may be dynamic / obfuscated)
evidence in excerpt
> * https://github.com/microsoft/ApplicationInsights-JS#readme
> /*! https://github.com/nevware21/ts-utils v0.13.0 */
> function _pureAssign(func1, func2) {
> return func1 || func2;
> "use strict";function _pureAssign(e,t){return e||t}function _pureRef(e,t){return e[t]}var UNDEF_VALUE=undefined,NULL_VALUE=null,EMPTY="",FUNCTION="function",OBJECT="object",PROTOTYPE="prototype",__PRO…// publisher 캠페인by micresoft
이 계정에서 catch된 패키지 2건고립된 catch가 아닙니다. 동일 publisher가 1개의 다른 패키지를 추가로 발행했고, 모두 파이프라인이 catch했습니다 — 일회성이 아닌 조직적 캠페인의 형태. 아래 링크는 각 형제 catch의 분석으로 이동합니다.
// offending code· @3.4.2· 3 files flagged
- @3.4.2··AUTO-PUBLISHED·publisher: micresoftheuristic 75/100static flags 4llm skippedinstall-scripts:preinstallnew-publisher:23dhas-source-repoosv-flagged:MAL-2026-3650reads-chromium-credsreads-env-varschild-process-spawnsession-start-hook
// offending code· 3 files flaggedpatterns: 4
--- install scripts --- ### preinstall ./.claude/settings --- package/types/applicationinsights-common.namespaced.d.ts (excerpt) --- /* * Microsoft Application Insights Common JavaScript Library, 3.4.1 * Copyright (c) Microsoft and contributors. All rights reserved. * * Microsoft Application Insights Team * https://github.com/microsoft/ApplicationInsights-JS#readme */ declare namespace ApplicationInsights { /** * Data struct to contain only C section with custom fields. */ interface AIBase { /** * Name of item (B section) if any. If telemetry data is derived straight from this, this should be null. */ baseType: string; } /** * Data struct to contain both B and C sections. */ interface AIData<TDomain> extends AIBase { /** * Name of item (B section) if any. If telemetry data is derived straight from this, this should be null. */ baseType: string; /** * Container for data item (B section). */ baseData: TDomain; } const AnalyticsPluginIdentifier = "ApplicationInsightsAnalytics"; const BreezeChannelIdentifier = "AppInsightsChannelPlugin"; class ConfigurationManager { static getConfig(config: IConfiguration & IConfig, field: string, identifier?: string, defaultValue?: number | string | boolean): number | string | boolean; } type ConnectionString = { [key in ConnectionStringKey]?: string; }; type ConnectionStringKey = "authorization" | "instrumentationkey" | "ingestionendpoint" | "location" | "endpointsuffix"; --- package/browser/es5/applicationinsights-common.cjs.js (excerpt) --- /*! * Application Insights JavaScript SDK - Common, 3.4.1 * Copyright (c) Microsoft and contributors. All rights reserved. */ 'use strict'; /*! https://github.com/nevware21/ts-utils v0.13.0 */ /*#__NO_SIDE_EFFECTS__*/ function _pureAssign(func1, func2) { return func1 || func2; } /*#__NO_SIDE_EFFECTS__*/ function _pureRef(value, name) { return value[name]; } var UNDEF_VALUE = undefined; var NULL_VALUE = null; var EMPTY = ""; var FUNCTION = "function"; var OBJECT = "object"; var PROTOTYPE = "prototype"; var __PROTO__ = "__proto__"; var UNDEFINED = "undefined"; var CONSTRUCTOR = "constructor"; var SYMBOL = "Symbol"; var LENGTH = "length"; var NAME = "name"; var CALL = "call"; var TO_STRING = "toString"; var GET_OWN_PROPERTY_DESCRIPTOR = "getOwnPropertyDescriptor"; var GET_OWN_PROPERTY_SYMBOLS = "getOwnPropertySymbols"; var ObjClass$1 = ( /*#__PURE__*/_pureAssign(Object)); var ObjProto$1 = ( /*#__PURE__*/_pureRef(ObjClass$1, PROTOTYPE)); var StrCls = ( /*#__PURE__*/_pureAssign(String)); var StrProto = ( /*#__PURE__*/_pureRef(StrCls, PROTOTYPE)); var MathCls = ( /*#__PURE__*/_pureAssign(Math)); var ArrCls = ( /*#__PURE__*/_pureAssign(Array)); var ArrProto = ( /*#__PURE__*/_pureRef(ArrCls, PROTOTYPE)); var ArrSlice = ( /*#__PURE__*/_pureRef(ArrProto, "slice")); var POLYFILL_TAG = "_polyfill"; var POLYFILL_TYPE_NAME = "__nw21$polytype__"; function safe(func, argArray) { try { return { v: func.apply(this, argArray) }; } catch (e) { --- package/browser/es5/applicationinsights-common.cjs.min.js (excerpt) --- /*! * Application Insights JavaScript SDK - Common, 3.4.1 * Copyright (c) Microsoft and contributors. All rights reserved. */ "use strict";function _pureAssign(e,t){return e||t}function _pureRef(e,t){return e[t]}var UNDEF_VALUE=undefined,NULL_VALUE=null,EMPTY="",FUNCTION="function",OBJECT="object",PROTOTYPE="prototype",__PROTO__="__proto__",UNDEFINED="undefined",CONSTRUCTOR="constructor",SYMBOL="Symbol",LENGTH="length",NAME="name",CALL="call",TO_STRING="toString",GET_OWN_PROPERTY_DESCRIPTOR="getOwnPropertyDescriptor",GET_OWN_PROPERTY_SYMBOLS="getOwnPropertySymbols",ObjClass$1=_pureAssign(Object),ObjProto$1=_pureRef(ObjClass$1,PROTOTYPE),StrCls=_pureAssign(String),StrProto=_pureRef(StrCls,PROTOTYPE),MathCls=_pureAssign(Math),ArrCls=_pureAssign(Array),ArrProto=_pureRef(ArrCls,PROTOTYPE),ArrSlice=_pureRef(ArrProto,"slice"),POLYFILL_TAG="_polyfill",POLYFILL_TYPE_NAME="__nw21$polytype__";function safe(e,t){try{return{v:e.apply(this,t)}}catch(r){return{e:r}}}function _createIs(t){return function(e){return typeof e===t}}function _createObjIs(e){var t="[object "+e+"]";return function(e){return!(!e||objToString(e)!==t)}}function objToString(e){return ObjProto$1[TO_STRING].call(e)}function isUndefined(e){return typeof e===UNDEFINED||e===UNDEFINED}function isStrictUndefined(e){return e===UNDEF_VALUE}function isNullOrUndefined(e){return e===NULL_VALUE||isUndefined(e)}function isStrictNullOrUndefined(e){return e===NULL_VALUE||e===UNDEF_VALUE}function isDefined(e){return!!e||e!==UNDEF_V --- bundled output (OSV-MAL flagged — LLM scope expansion) --- --- dist-es5/applicationinsights-common.js (bundled) --- /* * Application Insights JavaScript SDK - Common, 3.4.1 * Copyright (c) Microsoft and contributors. All rights reserved. */ /** * @deprecated The @microsoft/applicationinsights-common package has been merged * into @microsoft/applicationinsights-core-js for simplified dependency management * and improved tree-shaking capabilities. * * Please migrate your imports from "@microsoft/applicationinsights-common" to * "@microsoft/applicationinsights-core-js". * * This compatibility layer will be maintained through version 3.x and removed in 4.0.0. */ // Re-export everything from core for backward compatibility export { // Utility functions correlationIdSetPrefix, correlationIdGetPrefix, correlationIdCanIncludeCorrelationHeader, correlationIdGetCorrelationContext, correlationIdGetCorrelationContextValue, dateTimeUtilsNow, dateTimeUtilsDuration, isInternalApplicationInsightsEndpoint, createDistributedTraceContextFromTrace, // Throttle manager ThrottleMgr, // Connection string parsing parseConnectionString, ConnectionStringParser, DistributedTracingModes, EventPersistence, SeverityLevel, RequestHeaders, // Constants DisabledPropertyName, ProcessLegacy, SampleRate, HttpMethod, DEFAULT_BREEZE_ENDPOINT, DEFAULT_BREEZE_PATH, strNotSpecified, // Telemetry classes Envelope, Event, Exception, Metric, PageView, PageViewPerformance, RemoteDependencyData, Trace, Data, dataSanitizeKeyAndAddUniqueness, dataSanitizeKey, dataSanitizeString, dataSanitizeUrl, dataSanitizeMessage, dataSanitizeException, dataSanitizeProperties, dataSanitizeMeasurements, dataSanitizeId, dataSanitizeInput, dsPadNumber, ConfigurationManager, ContextTagKeys, CtxTagKeys, Extensions, // Data types EventDataType, ExceptionDataType, MetricDataType, PageViewDataType, PageViewPerformanceDataType, RemoteDependencyDataType, RequestDataType, TraceDataType, // Envelope types EventEnvelopeType, ExceptionEnvelopeType, MetricEnvelopeType, PageViewEnvelopeType, PageViewPerformanc --- dist/es5/applicationinsights-common.js (bundled) --- /*! * Application Insights JavaScript SDK - Common, 3.4.1 * Copyright (c) Microsoft and contributors. All rights reserved. */ (function (global, factory) { typeof exports === 'object' && typeof module !== 'undefined' ? factory(exports) : typeof define === 'function' && define.amd ? define(['exports'], factory) : (global = typeof globalThis !== 'undefined' ? globalThis : global || self, factory((global.Microsoft = global.Microsoft || {}, global.Microsoft.ApplicationInsights = global.Microsoft.ApplicationInsights || {}))); })(this, (function (exports) { 'use strict'; /*! https://github.com/nevware21/ts-utils v0.13.0 */ /*#__NO_SIDE_EFFECTS__*/ function _pureAssign(func1, func2) { return func1 || func2; } /*#__NO_SIDE_EFFECTS__*/ function _pureRef(value, name) { return value[name]; } var UNDEF_VALUE = undefined; var NULL_VALUE = null; var EMPTY = ""; var FUNCTION = "function"; var OBJECT = "object"; var PROTOTYPE = "prototype"; var __PROTO__ = "__proto__"; var UNDEFINED = "undefined"; var CONSTRUCTOR = "constructor"; var SYMBOL = "Symbol"; var LENGTH = "length"; var NAME = "name"; var CALL = "call"; var TO_STRING = "toString"; var GET_OWN_PROPERTY_DESCRIPTOR = "getOwnPropertyDescriptor"; var GET_OWN_PROPERTY_SYMBOLS = "getOwnPropertySymbols"; var ObjClass$1 = ( /*#__PURE__*/_pureAssign(Object)); var ObjProto$1 = ( /*#__PURE__*/_pureRef(ObjClass$1, PROTOTYPE)); var StrCls = ( /*#__PURE__*/_pureAssign(String)); var StrProto = ( /*#__PURE__*/_pureRef(StrCls, PROTOTYPE)); var MathCls = ( /*#__PURE__*/_pureAssign(Math)); var ArrCls = ( /*#__PURE__*/_pureAssign(Array)); var ArrProto = ( /*#__PURE__*/_pureRef(ArrCls, PROTOTYPE)); var ArrSlice = ( /*#__PURE__*/_pureRef(ArrProto, "slice")); var POLYFILL_TAG = "_polyfill"; var POLYFILL_TYPE_NAME = "__nw21$polytype__"; function safe(func, argArray) { try { --- dist/es5/applicationinsights-common.min.js (bundled) --- /*! * Application Insights JavaScript SDK - Common, 3.4.1 * Copyright (c) Microsoft and contributors. All rights reserved. */ !function(e,n){"object"==typeof exports&&"undefined"!=typeof module?n(exports):"function"==typeof define&&define.amd?define(["exports"],n):n(((e="undefined"!=typeof globalThis?globalThis:e||self).Microsoft=e.Microsoft||{},e.Microsoft.ApplicationInsights=e.Microsoft.ApplicationInsights||{}))}(this,function(e){"use strict";function n(e,n){return e||n}function t(e,n){return e[n]}var h=undefined,I=null,s="",y="function",C="object",U="prototype",F="__proto__",q="undefined",B="constructor",$="Symbol",j="length",H="name",S="call",G="toString",J="getOwnPropertyDescriptor",i=n(Object),W=t(i,U),K=n(String),r=t(K,U),Y=n(Math),a=n(Array),Z=t(a,U),Q=t(Z,"slice"),X="_polyfill",ee="__nw21$polytype__";function N(e,n){try{return{v:e.apply(this,n)}}catch(t){return{e:t}}}function ne(n){return function(e){return typeof e===n}}function te(e){var n="[object "+e+"]";return function(e){return!(!e||W[G].call(e)!==n)}}function re(e){return typeof e===q||e===q}function D(e){return e===I||re(e)}function ie(e){return e===I||e===h}function ae(e){return!!e||e!==h}var v=ne("string"),x=ne(y);function oe(e){return(e||!D(e))&&e&&typeof e===C}var b=t(a,"isArray"),ue=te("Error");function ce(){}function se(){return[]}var f=n(K),fe="[object Error]";function m(e,n){var t=s,r=W[G][S](e);r===fe&&(e={stack:f(e.stack),message:f(e.message),name:f(e.name)});try{t=((t=JSON.stringify(e,I,n?"number"==typeof n?n:4:h))?t.replace(/"(\w+)"\s*:\s{0,1}/g,"$1: "):I)||f(e)}catch(i){t=" - "+m(i,n)}return r+": "+t}function le(e){throw new TypeError(e)}function ve(e){ie(e)&&le("Cannot convert undefined or null to object")}function p(e,n){return!!e&&W.hasOwnProperty[S](e,n)}var de=n(t(i,J),ce),pe=n(t(i,"hasOwn"),ge);function ge(e,n){return ve(e),p(e,n)||!!de(e,n)}function E(e,n,t){if(e&&(oe(e)||x(e)))for(var r in e)if(pe(e,r)&&-1===n[S](t||e,r,e[r]))break}function k(e,n,t){if(e)for(var r=e[j]>>>0,i= --- browser/es5/applicationinsights-common.js (bundled) --- /*! * Application Insights JavaScript SDK - Common, 3.4.1 * Copyright (c) Microsoft and contributors. All rights reserved. */ (function (global, factory) { var undef = "undefined"; typeof exports === "object" && typeof module !== undef ? factory(exports) : typeof define === "function" && define.amd ? define(["exports"], factory) : (function(global){ var nsKey, key, nm, theExports = {}, modName = "es5_applicationinsights_common_3_4_1", msMod="__ms$mod__"; var mods={}, modDetail=mods[modName]={}, ver="3.4.1"; var baseNs=global, nsKey="Microsoft", baseNs=baseNs[nsKey]=(baseNs[nsKey]||{}); // Versioned namespace "Microsoft.ApplicationInsights3" var exportNs=baseNs, nsKey="ApplicationInsights3", exportNs=exportNs[nsKey]=(exportNs[nsKey]||{}); // Global namespace "Microsoft.ApplicationInsights" var destNs=baseNs, nsKey="ApplicationInsights", destNs=destNs[nsKey]=(destNs[nsKey]||{}); var expNsDetail=(exportNs[msMod]=(exportNs[msMod] || {})), expNameVer=(expNsDetail["v"]=(expNsDetail["v"] || [])); var destNsDetail=(destNs[msMod]=(destNs[msMod] || {})), destNameVer=(destNsDetail["v"]=(destNsDetail["v"] || [])); (destNsDetail["o"]=(destNsDetail["o"] || [])).push(mods); factory(theExports); for(var key in theExports) { // Always set the imported value into the "export" versioned namespace (last-write wins) nm="x", exportNs[key]=theExports[key], expNameVer[key]=ver; // Copy over any named element that is not already present (first-write wins) typeof destNs[key]===undef ? (nm="n", destNs[key]=theExports[key]) && (destNameVer[key]=ver) : !destNameVer[key] && (destNameVer[key]="---");
