// npm 패키지
sms-verification-api
SMS Phone Verification API using AWS SNS HTTP API with Hono server on Cloudflare Workers
버전
6
메인테이너
1
라이선스
MIT
최초 publish
2026-05-06
publisher
vtempest
tarball
207,968 B
AUTO-PUBLISHED·3개 버전 인덱싱됨·최근 publish: 2026-06-06
// exfil path
what is read → where it ships
steals
- ● AWS keys
sends to
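(no destination string extracted — payload may be dynamic / obfuscated. With no destination identified, the "steals" finding rests on static matches for credential reads, which a package that calls AWS SNS with caller-supplied keys can also trigger; confirm where the keys are sent in the full source before treating this as exfiltration.)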
→ view full payload
// offending code · @0.9.11 · 3 files flagged
- @0.9.11 · AUTO-PUBLISHED · publisher: vtempest · heuristic 64/100 · static flags 2 · llm skipped · new-publisher:14d · has-source-repo · publisher-multi-name-burst:10 · publisher-version-pump:11 · reads-env-vars · reads-aws-creds
// offending code · 3 files flagged · patterns: 2
// Three source excerpts from the flagged package version, as rendered by the scanner page.
// Each excerpt is cut off mid-statement by the page, so request handlers, the AWS SNS call
// and any outbound network destinations are NOT visible here.
--- package/src/identity-verification-server.ts (excerpt) ---
import { cors } from "hono/cors";
import { logger } from "hono/logger";
import { OpenAPIHono, createRoute, z } from "@hono/zod-openapi";

// Input/Output Schemas
// Request body schema: phone number, legal name and postal address of the person being verified.
// NOTE(review): this is personal data; how it is stored, logged or forwarded is not visible in this excerpt.
const PersonInputSchema = z.object({
  // NOTE(review): only the length (10-15 characters) is constrained here; any string of that
  // length passes, so E.164/format validation must happen elsewhere — confirm in the full source.
  phone_number: z
    .string()
    .min(10)
    .max(15)
    .describe("Phone number in E.164 or local format"),
  legal_name: z
    .string()
    .min(1)
    .max(100)
    .describe("Full legal name of the person"),
  current_address: z
    .object({
      street_line_1: z.string().min(1).max(1000),
      street_line_2: z.string().max(1000).optional(),
      city: z.string().min(1).max(500),
      state_code: z.string().length(2),
      postal_code: z.string().min(5).max(10),
      // Falls back to "US" when the caller omits the country.
      country_code: z.string().length(2).default("US"),
    })
    .describe("Current address information"),
});

// Response schema: a 0-100 score, three match flags, follow-up questions and historical data.
// NOTE(review): `historical_data` returns previous addresses, previous phone numbers and
// associated names to the caller. Who may call this route is not visible in the excerpt —
// confirm it is authenticated and that returning this history is intended.
const VerificationResponseSchema = z.object({
  verification_score: z
    .number()
    .min(0)
    .max(100)
    .describe("Confidence score 0-100"),
  name_match_found: z.boolean(),
  phone_validated: z.boolean(),
  address_validated: z.boolean(),
  questions: z.array(
    z.object({
      id: z.string(),
      question: z.string(),
      type: z.enum(["address_history", "phone_history", "name_verification"]),
      options: z.array(z.string()).optional(),
    }),
  ),
  historical_data: z.object({
    previous_addresses: z.array(z.string()),
    previous_phones: z.array(z.string()),
    associated_names: z.array(z.string()),
  }),
  recommendations: z
    .array(z.string())
    .describe("Sug
// (excerpt truncated by the page in the middle of the string literal above)
--- package/src/verify-phone-server.ts (excerpt) ---
/**
 * SMS API Server using Hono and AWS SNS.
 *
 * - Provides endpoints for sending and verifying SMS codes.
 * - Supports general SMS messaging with custom text.
 * - Supports API key authentication.
 * - Optionally blocks VoIP numbers using a phone lookup API.
 * - Designed for Cloudflare Workers, but testable locally.
 *
 * @module verify-phone-server
 */
import { cors } from "hono/cors";
import { logger } from "hono/logger";
import { secureHeaders } from "hono/secure-headers";
import { rateLimiter } from "hono-rate-limiter";
import { swaggerUI } from "@hono/swagger-ui";
import { OpenAPIHono, createRoute, z } from "@hono/zod-openapi";
import verifyPhone from "./verify-phone";

// Bindings the server expects from its runtime environment; every one is optional.
// NOTE(review): the AWS key bindings are what a "reads-aws-creds" static flag matches. Declaring
// them shows the keys are read, not where they are sent; that needs the request-signing code,
// which is outside this excerpt. If deployed, scope the IAM key to SNS publish only.
// NOTE(review): API_KEY is optional. Whether requests are rejected when it is unset is not
// visible; an SMS-sending endpoint that fails open would send messages on the operator's AWS
// account for any caller — confirm the auth check fails closed.
interface Env {
  Bindings: {
    API_KEY?: string;
    AWS_ACCESS_KEY_ID?: string;
    AWS_SECRET_ACCESS_KEY?: string;
    AWS_REGION?: string;
    SMS_SENDER_ID?: string;
  };
}

// Create the main app
const app = new OpenAPIHono<Env>();

// Middleware
// Applied to every path: request logging, security response headers, then CORS.
app.use("*", logger());
app.use("*", secureHeaders());
// NOTE(review): the intent looks like "allow any origin" while also allowing the Authorization
// and X-API-Key request headers, so any web page holding a key could call the API cross-origin.
// `origin` is given as an array containing "*", not the string "*"; confirm against the hono
// version in use whether the array form is treated as a wildcard or as an exact-match list.
app.use(
  "*",
  cors({
    origin: ["*"],
    allowMethods: ["GET", "POST", "OPTIONS"],
    allowHeaders: ["Content-Type", "Authorization", "X-API-Key"],
    maxAge: 86400,
  }),
);

// Rate limiting - lazy loaded to avoid global scope issues
// Allows 100 requests per 15-minute window per key.
// NOTE(review): the key is taken from a request header whose name is truncated here (begins
// "CF"). A header-derived key is only trustworthy when a fronting proxy sets it; when the
// server runs locally or behind another proxy the client controls that value — confirm the fallback.
// NOTE(review): no `store` option appears before the cut. If the limiter's default in-memory
// store is used on Workers, counts are presumably per isolate rather than global — verify.
const createRateLimiter = () =>
  rateLimiter({
    windowMs: 15 * 60 * 1000, // 15 minutes
    limit: 100,
    message: "Too many requests from this IP, please try again later.",
    standardHeaders: true,
    keyGenerator: (c) => c.req.header("CF
// (excerpt truncated by the page in the middle of the header name above)
--- package/src/verify-phone.ts (excerpt) ---
import { parsePhoneNumber, getNumberType } from 'libphonenumber-js';

// Options accepted by the SMS-sending helper; the interface continues past the end of the
// excerpt (the last doc comment below is cut off).
// NOTE(review): AWS credentials are optional per-call parameters. Where they come from when
// omitted is not visible; the scanner's "reads-env-vars" flag suggests an environment fallback — confirm.
interface VerifyPhoneOptions {
  /**
   * The phone number to send the SMS to (e.g., "+1234567890")
   */
  phoneNumber: string;
  /**
   * The verification code to send (required)
   */
  // NOTE(review): the code is supplied by the caller; its generation, entropy and expiry are not part of this excerpt.
  code: string;
  /**
   * AWS access key ID
   */
  accessKeyId?: string;
  /**
   * AWS secret access key
   */
  secretAccessKey?: string;
  /**
   * AWS region (default: 'us-east-1')
   */
  awsRegion?: string;
  /**
   * Whether to block VoIP numbers (default: false)
   */
  blockVoip?: boolean;
  /**
   * Method to use for VoIP detection: 'api' (external API) or 'libphonenumber' (default: 'api')
   */
  // NOTE(review): per the doc comment the default method is an external API, so enabling VoIP
  // blocking sends data to a third-party lookup service. Its endpoint is not visible here and
  // is an outbound destination worth checking in the full source.
  voipDetectionMethod?: 'api' | 'libphonenumber';
  /**
   * Whether to use libphonenumber-js for phone number formatting and validation (default: false)
   */
  useLibPhoneNumber?: boolean;
  /**
   * Metadata type to use with libphonenumber-js: 'minimal' (75KB) or 'full' (140KB, default: 'minimal')
   * Full metadata provides better phone number type detection (MOBILE, FIXED_LINE, VOIP, etc.)
   */
  metadataType?: 'minimal' | 'full';
  /**
   * SMS sender ID (max 11 characters, default: 'Verify')
   */
  senderId?: string;
  /**
   * SMS type ('Transactional' or 'Promotional', default: 'Transactional')
   */
  smsType?: 'Transactional' | 'Promotional';
  /**
   * Custom message
