// npm 패키지
verce2vue2test
This template should help get you started developing with Vue 3 in Vite.
버전
1
메인테이너
1
라이선스
ISC
최초 publish
2026-06-04
publisher
semo0527
tarball
2,228,053 B
AUTO-PUBLISHED·1개 버전 인덱싱됨·최근 publish: 2026-06-04
// exfil path
what is read → where it shipssteals
- ● npm token
- ○ clipboard
sends to
- ⌖ 188.253.12.45
- ⌖ 188.253.12.42
// offending code· @0.1.0· 4 files flagged
llm: malicious · 0.96→ Worm self-propagation: package reads .npmrc _authToken AND invokes npm publish in install-path code. Shai-Hulud-class shape — no legitimate package re-publishes OTHER packages from the user's machine.
- @0.1.0··AUTO-PUBLISHED·publisher: semo0527heuristic 40/100static flags 5llm malicious (0.96) via fast-tracknew-publisher:0dfirst-version-of-packageinstall-path-npm-publishhttp-to-public-ipclipboard-accesschild-process-spawnreads-npmrc
→ Worm self-propagation: package reads .npmrc _authToken AND invokes npm publish in install-path code. Shai-Hulud-class shape — no legitimate package re-publishes OTHER packages from the user's machine.
// offending code· 4 files flaggedpatterns: 5
--- package/package.json (excerpt) --- { "name": "verce2vue2test", "version": "0.1.0", "private": false, "type": "module", "scripts": { "dev": "vite", "build": "run-p type-check \"build-only {@}\" --", "preview": "vite preview", "build-only": "vite build", "type-check": "vue-tsc --build", "发布": "npm publish", "修订 ": "npm version patch", "次版本": "npm version minor", "主版本": "npm version major", "登录": "npm login ", "一键发布": "npm version patch && npm publish" }, "keywords": [ "express", "web", "application" ], "author": "", "license": "ISC", "dependencies": { "echarts": "^6.1.0", "element-plus": "^2.14.0", "pinia": "^3.0.4", "vue": "^3.5.32", "vue-router": "^5.0.4" }, "devDependencies": { "@tsconfig/node24": "^24.0.4", "@types/node": "^24.12.2", "@vitejs/plugin-vue": "^6.0.6", "@vue/tsconfig": "^0.9.1", "npm-run-all2": "^8.0.4", "typescript": "~6.0.0", "vite": "^8.0.8", "vite-plugin-vue-devtools": "^8.1.1", "vue-tsc": "^3.2.6" }, "engines": { "node": "^20.19.0 || >=22.12.0" }, "publishConfig": { "access": "public", "registry": "https://registry.npmjs.org" } } --- package/src/stores/login.ts (excerpt) --- import { h, ref } from 'vue' import { defineStore } from 'pinia' import { useRouter } from 'vue-router' import { ElNotification } from 'element-plus' import LoginSuccessNotification from '@/components/LoginSuccessNotification.vue' export const useLoginStore = defineStore('login', () => { const router = useRouter() const username = ref('') const password = ref('') const remember = ref(false) const loading = ref(false) async function login() { loading.value = true try { // 模拟登录请求 await new Promise((resolve) => setTimeout(resolve, 500)) const loginInfo = { current: { ip: '188.253.12.45', }, previous: { ip: '188.253.12.42', time: '2026-05-22 14:52:58', }, } ElNotification({ message: h(LoginSuccessNotification, loginInfo), customClass: 'login-success-notification', duration: 5000, offset: 16, position: 'bottom-right', showClose: true, }) router.push('/') } finally { loading.value = false } } return { username, password, remember, loading, login } }) --- package/mini2.0-main/package-lock.json (excerpt) --- { "name": "mini2.0", "version": "0.0.0", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "mini2.0", "version": "0.0.0", "dependencies": { "@iconify/vue": "^5.0.1", "@vueuse/core": "^14.3.0", "axios": "^1.16.1", "clipboard": "^2.0.11", "crypto-js": "^4.2.0", "dayjs": "^1.11.21", "nprogress": "^0.2.0", "pinia": "^3.0.4", "pinia-plugin-persistedstate": "^4.7.1", "qrcode": "^1.5.4", "vant": "^4.9.24", "vconsole": "^3.15.1", "vue": "^3.5.32", "vue-router": "^5.0.4" }, "devDependencies": { "@tsconfig/node24": "^24.0.4", "@types/node": "^24.12.2", "@vitejs/plugin-vue": "^6.0.6", "@vue/eslint-config-typescript": "^14.7.0", "@vue/tsconfig": "^0.9.1", "eslint": "^10.2.1", "eslint-config-prettier": "^10.1.8", "eslint-plugin-oxlint": "~1.60.0", "eslint-plugin-vue": "~10.8.0", "jiti": "^2.6.1", "less": "^4.6.4", "npm-run-all2": "^8.0.4", "oxlint": "~1.60.0", "postcss-px-to-viewport-8-plugin": "^1.2.5", "prettier": "3.8.3", "typescript": "~6.0.0", "unplugin-auto-import": "^21.0.0", "unplugin-vue-components": "^32.1.0", "vite": "^8.0.8", "vite-plugin-vue-devtools": "^8.1.1", "vue-tsc": "^3.2.6" }, "engines": { "node": "^20.19.0 || >= --- package/mini2.0-main/package.json (excerpt) --- { "name": "mini2.0", "version": "0.0.0", "private": true, "type": "module", "scripts": { "dev": "vite", "dev:test": "vite --mode test", "build": "run-p type-check \"build-only {@}\" --", "build:test": "run-s type-check build-only:test", "build:prod": "run-s type-check build-only:prod", "preview": "vite preview", "build-only": "vite build", "build-only:test": "vite build --mode test", "build-only:prod": "vite build --mode production", "type-check": "vue-tsc --build", "lint": "run-s lint:*", "lint:oxlint": "oxlint . --fix", "lint:eslint": "eslint . --fix --cache", "format": "prettier --write --experimental-cli src/" }, "dependencies": { "@iconify/vue": "^5.0.1", "@vueuse/core": "^14.3.0", "axios": "^1.16.1", "clipboard": "^2.0.11", "crypto-js": "^4.2.0", "dayjs": "^1.11.21", "nprogress": "^0.2.0", "pinia": "^3.0.4", "pinia-plugin-persistedstate": "^4.7.1", "qrcode": "^1.5.4", "vant": "^4.9.24", "vconsole": "^3.15.1", "vue": "^3.5.32", "vue-router": "^5.0.4" }, "devDependencies": { "@tsconfig/node24": "^24.0.4", "@types/node": "^24.12.2", "@vitejs/plugin-vue": "^6.0.6", "@vue/eslint-config-typescript": "^14.7.0", "@vue/tsconfig": "^0.9.1", "eslint": "^10.2.1", "eslint-config-prettier": "^10.1.8", "eslint-plugin-oxlint": "~1.60.0", "eslint-plugin-vue": "~10.8.0", "jiti": "^2.6.1", "less": "^4.6.4", "npm-r
