// npm 패키지
testnpmnmp
버전
22
메인테이너
1
라이선스
MIT
최초 publish
2022-07-27
publisher
asteroiddao
tarball
25,215,324 B
AUTO-PUBLISHED·2개 버전 인덱싱됨·최근 publish: 2026-05-26
// publisher 캠페인by asteroiddao
이 계정에서 catch된 패키지 9건고립된 catch가 아닙니다. 동일 publisher가 8개의 다른 패키지를 추가로 발행했고, 모두 파이프라인이 catch했습니다 — 일회성이 아닌 조직적 캠페인의 형태. 아래 링크는 각 형제 catch의 분석으로 이동합니다.
// offending code· @1.0.21· no static-pattern hits
llm: benign · 0.85→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).
- @1.0.21··AUTO-PUBLISHED·publisher: asteroiddaoheuristic 89/100static flags 0llm benign (0.85) via ollamainstall-scripts:preinstallnew-publisher:1dmature-packagepublisher-multi-name-burst:16publisher-version-pump:17osv-flagged:MAL-2026-4691
→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).
// offending code· no static-pattern hits
--- install scripts --- ### preinstall ./scripts/postbuild --- package.json (entry) --- { "name": "testnpmnmp", "version": "1.0.21", "main": "dist/index.cjs.js", "license": "MIT", "scripts": { "build": "yarn clean && node build.js", "clean": "rimraf ./dist", "preinstall": "./scripts/postbuild" }, "devDependencies": { "esbuild": "^0.14.50", "rimraf": "^3.0.2" }, "dependencies": { "@esbuild-plugins/node-modules-polyfill": "^0.1.4", "@metamask/eth-sig-util": "^4.0.1", "eth-crypto": "^2.3.0", "ethereumjs-util": "^7.1.5", "ramda": "^0.28.0" }, "peerDependencies": { "arweave": "^1.11.4", "warp-contracts": "^1.1.14" } } --- index.js (entry) --- const EthCrypto = require("eth-crypto") const { all, complement, init, is, last, isNil } = require("ramda") /*let Arweave = require("arweave") Arweave = isNil(Arweave.default) ? Arweave : Arweave.default*/ const ethSigUtil = require("@metamask/eth-sig-util") const { privateToAddress } = require("ethereumjs-util") const { Warp, WarpNodeFactory, WarpWebFactory, LoggerFactory, } = require("warp-contracts") export default () => { console.log("hello") } --- bundled output (OSV-MAL flagged — LLM scope expansion) --- --- dist/index.cjs.js (bundled) --- var __defProp = Object.defineProperty; var __getOwnPropDesc = Object.getOwnPropertyDescriptor; var __getOwnPropNames = Object.getOwnPropertyNames; var __hasOwnProp = Object.prototype.hasOwnProperty; var __esm = (fn, res) => function __init() { return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res; }; var __commonJS = (cb, mod) => function __require() { return mod || (0, cb[__getOwnPropNames(cb)[0]])((mod = { exports: {} }).exports, mod), mod.exports; }; var __export = (target, all2) => { for (var name2 in all2) __defProp(target, name2, { get: all2[name2], enumerable: true }); }; var __copyProps = (to, from2, except, desc) => { if (from2 && typeof from2 === "object" || typeof from2 === "function") { for (let key of __getOwnPropNames(from2)) if (!__hasOwnProp.call(to, key) && key !== except) __defProp(to, key, { get: () => from2[key], enumerable: !(desc = __getOwnPropDesc(from2, key)) || desc.enumerable }); } return to; }; var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); // node_modules/@babel/runtime/helpers/interopRequireDefault.js var require_interopRequireDefault = __commonJS({ "node_modules/@babel/runtime/helpers/interopRequireDefault.js"(exports2, module2) { function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { "default": obj }; } module2.exports = _interopRequireDefault, module2.exports.__esModule = true, module2.exports["default"] = module2.exports; } }); // node_modules/@babel/runtime/helpers/typeof.js var require_typeof = __commonJS({ "node_modules/@babel/runtime/helpers/typeof.js"(exports2, module2) { function _typeof(obj) { "@babel/helpers - typeof"; return module2.exports = _typeof = "function" == typeof Symbol && "symbol" == typeof Symbol.iterator ? function(obj2) { return typeof obj2; } : function(obj2) { return obj2 && "function" == typeof Symbol && obj2.construc --- dist/index.esm.js (bundled) --- var __defProp = Object.defineProperty; var __getOwnPropDesc = Object.getOwnPropertyDescriptor; var __getOwnPropNames = Object.getOwnPropertyNames; var __hasOwnProp = Object.prototype.hasOwnProperty; var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, { get: (a, b) => (typeof require !== "undefined" ? require : a)[b] }) : x)(function(x) { if (typeof require !== "undefined") return require.apply(this, arguments); throw new Error('Dynamic require of "' + x + '" is not supported'); }); var __esm = (fn, res) => function __init() { return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res; }; var __commonJS = (cb, mod) => function __require2() { return mod || (0, cb[__getOwnPropNames(cb)[0]])((mod = { exports: {} }).exports, mod), mod.exports; }; var __export = (target, all2) => { for (var name2 in all2) __defProp(target, name2, { get: all2[name2], enumerable: true }); }; var __copyProps = (to, from2, except, desc) => { if (from2 && typeof from2 === "object" || typeof from2 === "function") { for (let key of __getOwnPropNames(from2)) if (!__hasOwnProp.call(to, key) && key !== except) __defProp(to, key, { get: () => from2[key], enumerable: !(desc = __getOwnPropDesc(from2, key)) || desc.enumerable }); } return to; }; var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); // node_modules/@babel/runtime/helpers/interopRequireDefault.js var require_interopRequireDefault = __commonJS({ "node_modules/@babel/runtime/helpers/interopRequireDefault.js"(exports2, module2) { function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { "default": obj }; } module2.exports = _interopRequireDefault, module2.exports.__esModule = true, module2.exports["default"] = module2.exports; } }); // node_modules/@babel/runtime/helpers/typeof.js var require_typeof = __commonJS({ "nod
