// npm 패키지
react-dom-helper
AUTO-PUBLISHED·1개 버전 인덱싱됨·최근 publish: 2026-05-04
// exfil path
what is read → where it shipssteals
- ● AWS keys
- ● npm token
- ○ home dir
sends to
- ⌖ 104.248.94.23
// offending code· @1.0.0· 1 file flagged
llm: malicious · 0.95→ 크리덴셜 읽기 (reads-aws-creds, reads-npmrc) + 외부 전송지 http-to-public-ip 조합 — 전형적인 유출 패턴.
- @1.0.0··AUTO-PUBLISHED·publisher: k4nx9zfp82heuristic 83/100static flags 4llm malicious (0.95) via fast-trackinstall-scripts:preinstallnew-publisher:19dtiny-tarball:412bfirst-version-suspicious-publisherreads-aws-credsreads-npmrcreads-homedirhttp-to-public-ip
→ 크리덴셜 읽기 (reads-aws-creds, reads-npmrc) + 외부 전송지 http-to-public-ip 조합 — 전형적인 유출 패턴.
// NHI intent1 target·mixed harvest patterns·gate: always - gh CLI token storegh-cli-hosts