// npm 패키지
prettier-sdk
prettier-sdk is an opinionated code formatter
버전
2
메인테이너
1
라이선스
MIT
최초 publish
2026-05-12
publisher
coindefi2026
tarball
8,602,538 B
AUTO-PUBLISHED·1개 버전 인덱싱됨·최근 publish: 2026-05-14
// exfil path
what is read → where it shipssteals
- ○ home dir
- ○ system info
sends to
(no destination string extracted — payload may be dynamic / obfuscated)
evidence in excerpt
> }) : x)(function(x) {
> (function(t){function e(){var o=t();return o.default||o}if(typeof exports=="object"&&typeof module=="object")module.exports=e();else if(typeof define=="function"&&define.amd)define(e);else{var f=typeo…// offending code· @1.0.2· 3 files flagged
llm: benign · 0.85→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).
- @1.0.2··AUTO-PUBLISHED·publisher: coindefi2026heuristic 75/100static flags 6llm benign (0.85) via ollamainstall-scripts:postinstallnew-publisher:12dhas-source-repoosv-flagged:MAL-2026-4645reads-env-varsreads-homedirreads-system-infochild-process-spawnbase64-decodefunction-constructor
→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).
// offending code· 3 files flaggedpatterns: 6
--- install scripts --- ### postinstall node ./plugins/preinstall.js --- package/index.mjs (excerpt) --- import { createRequire as __prettierCreateRequire } from "module"; import { fileURLToPath as __prettierFileUrlToPath } from "url"; import { dirname as __prettierDirname } from "path"; const require = __prettierCreateRequire(import.meta.url); const __filename = __prettierFileUrlToPath(import.meta.url); const __dirname = __prettierDirname(__filename); var __create = Object.create; var __defProp = Object.defineProperty; var __getOwnPropDesc = Object.getOwnPropertyDescriptor; var __getOwnPropNames = Object.getOwnPropertyNames; var __getProtoOf = Object.getPrototypeOf; var __hasOwnProp = Object.prototype.hasOwnProperty; var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, { get: (a, b) => (typeof require !== "undefined" ? require : a)[b] }) : x)(function(x) { if (typeof require !== "undefined") return require.apply(this, arguments); throw Error('Dynamic require of "' + x + '" is not supported'); }); var __commonJS = (cb, mod) => function __require2() { return mod || (0, cb[__getOwnPropNames(cb)[0]])((mod = { exports: {} }).exports, mod), mod.exports; }; var __export = (target, all) => { for (var name in all) __defProp(target, name, { get: all[name], enumerable: true }); }; var __copyProps = (to, from, except, desc) => { if (from && typeof from === "object" || typeof from === "function") { for (let key2 of __getOwnPropNames(from)) if (!__hasOwnProp.call(to, key2) && key2 !== except) --- package/standalone.js (excerpt) --- (function(t){function e(){var o=t();return o.default||o}if(typeof exports=="object"&&typeof module=="object")module.exports=e();else if(typeof define=="function"&&define.amd)define(e);else{var f=typeof globalThis<"u"?globalThis:typeof global<"u"?global:typeof self<"u"?self:this||{};f.prettier=e()}})(function(){"use strict";var Zn=Object.create;var Je=Object.defineProperty;var eo=Object.getOwnPropertyDescriptor;var to=Object.getOwnPropertyNames;var uo=Object.getPrototypeOf,ro=Object.prototype.hasOwnProperty;var no=(e,t)=>()=>(t||e((t={exports:{}}).exports,t),t.exports),Yt=(e,t)=>{for(var u in t)Je(e,u,{get:t[u],enumerable:!0})},ku=(e,t,u,r)=>{if(t&&typeof t=="object"||typeof t=="function")for(let o of to(t))!ro.call(e,o)&&o!==u&&Je(e,o,{get:()=>t[o],enumerable:!(r=eo(t,o))||r.enumerable});return e};var oo=(e,t,u)=>(u=e!=null?Zn(uo(e)):{},ku(t||!e||!e.__esModule?Je(u,"default",{value:e,enumerable:!0}):u,e)),ao=e=>ku(Je({},"__esModule",{value:!0}),e);var pn=no((af,dn)=>{var bt,At,_t,xt,Bt,$e,bu,Ke,Tt,fn,Nt,Ve,St,wt,Ot,pe,ln,Pt,It,Aa;St=/\/(?![*\/])(?:\[(?:[^\]\\\n\r\u2028\u2029]+|\\.)*\]|[^\/\\\n\r\u2028\u2029]+|\\.)*(\/[$_\u200C\u200D\p{ID_Continue}]*|\\)?/yu;Ve=/--|\+\+|=>|\.{3}|\??\.(?!\d)|(?:&&|\|\||\?\?|[+\-%&|^]|\*{1,2}|<{1,2}|>{1,3}|!=?|={1,2}|\/(?![\/*]))=?|[?~,:;[\](){}]/y;bt=/(\x23?)(?=[$_\p{ID_Start}\\])(?:[$_\u200C\u200D\p{ID_Continue}]+|\\u[\da-fA-F]{4}|\\u\{[\da-fA-F]+\})+/yu;Ot=/(['"])(?:[^'"\\\n\r]+|(?!\1)['"]|\\(?:\r\n|[^]))*(\1)?/y;Nt=/(?:0[xX][\da-fA-F](?:_?[\ --- package/standalone.mjs (excerpt) --- var Zn=Object.create;var Mt=Object.defineProperty;var eo=Object.getOwnPropertyDescriptor;var to=Object.getOwnPropertyNames;var uo=Object.getPrototypeOf,ro=Object.prototype.hasOwnProperty;var no=(e,t)=>()=>(t||e((t={exports:{}}).exports,t),t.exports),Yt=(e,t)=>{for(var u in t)Mt(e,u,{get:t[u],enumerable:!0})},oo=(e,t,u,r)=>{if(t&&typeof t=="object"||typeof t=="function")for(let o of to(t))!ro.call(e,o)&&o!==u&&Mt(e,o,{get:()=>t[o],enumerable:!(r=eo(t,o))||r.enumerable});return e};var ao=(e,t,u)=>(u=e!=null?Zn(uo(e)):{},oo(t||!e||!e.__esModule?Mt(u,"default",{value:e,enumerable:!0}):u,e));var dn=no((of,ln)=>{var yt,bt,At,_t,xt,$e,bu,Ke,Bt,cn,Tt,Ve,Nt,St,wt,pe,fn,Ot,Pt,Aa;Nt=/\/(?![*\/])(?:\[(?:[^\]\\\n\r\u2028\u2029]+|\\.)*\]|[^\/\\\n\r\u2028\u2029]+|\\.)*(\/[$_\u200C\u200D\p{ID_Continue}]*|\\)?/yu;Ve=/--|\+\+|=>|\.{3}|\??\.(?!\d)|(?:&&|\|\||\?\?|[+\-%&|^]|\*{1,2}|<{1,2}|>{1,3}|!=?|={1,2}|\/(?![\/*]))=?|[?~,:;[\](){}]/y;yt=/(\x23?)(?=[$_\p{ID_Start}\\])(?:[$_\u200C\u200D\p{ID_Continue}]+|\\u[\da-fA-F]{4}|\\u\{[\da-fA-F]+\})+/yu;wt=/(['"])(?:[^'"\\\n\r]+|(?!\1)['"]|\\(?:\r\n|[^]))*(\1)?/y;Tt=/(?:0[xX][\da-fA-F](?:_?[\da-fA-F])*|0[oO][0-7](?:_?[0-7])*|0[bB][01](?:_?[01])*)n?|0n|[1-9](?:_?\d)*n|(?:(?:0(?!\d)|0\d*[89]\d*|[1-9](?:_?\d)*)(?:\.(?:\d(?:_?\d)*)?)?|\.\d(?:_?\d)*)(?:[eE][+-]?\d(?:_?\d)*)?|0[0-7]+/y;pe=/[`}](?:[^`\\$]+|\\[^]|\$(?!\{))*(`|\$\{)?/y;Pt=/[\t\v\f\ufeff\p{Zs}]+/yu;Ke=/\r?\n|[\r\u2028\u2029]/y;Bt=/\/\*(?:[^*]+|\*(?!\/))*(\*\/)?/y;St=/\/\/.*/y;At=/[<>.:={}]|\/(?