// npm 패키지
wdb-core
버전
22
메인테이너
1
라이선스
MIT
최초 publish
2025-08-12
publisher
asteroiddao
tarball
624,631 B
AUTO-PUBLISHED·1개 버전 인덱싱됨·최근 publish: 2025-10-27
// exfil path
what is read → where it shipssteals
- ○ home dir
sends to
(no destination string extracted — payload may be dynamic / obfuscated)
→ view full payload// publisher 캠페인by asteroiddao
이 계정에서 catch된 패키지 9건고립된 catch가 아닙니다. 동일 publisher가 8개의 다른 패키지를 추가로 발행했고, 모두 파이프라인이 catch했습니다 — 일회성이 아닌 조직적 캠페인의 형태. 아래 링크는 각 형제 catch의 분석으로 이동합니다.
// offending code· @0.1.1· 3 files flagged
- @0.1.1··AUTO-PUBLISHED·publisher: asteroiddaoheuristic 75/100static flags 3llm skippedmature-packageosv-flagged:MAL-2026-5191base64-decodechild-process-spawnreads-homedir
// offending code· 3 files flaggedpatterns: 3
--- package/esm/dev_parse_vec.js (excerpt) --- import { of } from "monade" import { keys, uniq, concat, compose, is, isNil, includes } from "ramda" import _fpjson from "fpjson-lang" const fpjson = _fpjson.default || _fpjson import { replace$ } from "./fpjson.js" function fields(ndata, odata) { let nkeys = keys(ndata) let okeys = keys(odata) return compose(uniq, concat(nkeys))(okeys) } function merge(data, state, old, env) { old ??= state.before let new_data = {} const _fields = fields(data, old) for (const k of _fields) { if (typeof data[k] !== "undefined") { if (data[k] !== null && is(Object, data[k]) && !isNil(data[k]._$)) { let vars = { signer: state.signer, ts: state.ts, id: env.id, owner: env.info.owner, } if (typeof data[k]._$ === "string") { if (data[k]._$ === "del") continue if (typeof vars[data[k]._$] !== "undefined") new_data[k] = vars[data[k]._$] } else { new_data[k] = fpjson(replace$([data[k]._$, old[k] ?? null]), vars) } } else new_data[k] = data[k] } else new_data[k] = old[k] } return new_data } function setData({ state, env }) { const { data, dir } = state if (isNil(env.kv.get("_", dir))) throw Error("dir doesn't exist") state.data = merge(data, state, {}, env) return arguments[0] } function updateData({ state, env }) { const { data, dir, doc } = state if (isNil(state.before)) throw Error("data doesn't exist") state.data = merge(dat --- package/esm/dev_write_sql.js (excerpt) --- import { of, ka } from "monade" import { parseOp } from "./utils.js" import init from "./dev_init.js" import parse from "./dev_parse.js" import auth from "./dev_auth.js" import write from "./dev_write.js" function ast2schema(ast) { if (!ast || ast.type !== "create" || ast.keyword !== "table") { throw new Error("Invalid CREATE TABLE AST") } const tableName = ast.table?.[0]?.table || "unknown_table" const schema = { title: tableName, type: "object", properties: {}, required: [], additionalProperties: false, } for (const def of ast.create_definitions) { if (def.resource !== "column") continue const colName = def.column?.column const sqliteType = def.definition?.dataType?.toUpperCase?.() || "TEXT" // Map SQLite types to JSON Schema types let jsType = "string" if (sqliteType.includes("INT")) jsType = "integer" else if (["REAL", "FLOAT", "DOUBLE"].some(t => sqliteType.includes(t))) jsType = "number" else if (sqliteType === "BOOLEAN") jsType = "boolean" else if (sqliteType === "BLOB") jsType = "string" // format: binary (optional) schema.properties[colName] = { type: jsType } const isNotNull = def.nullable?.type === "not null" const isPrimaryKey = def.primary_key === "primary key" if (isNotNull || isPrimaryKey) { if (!schema.required.includes(colName)) schema.required.push(colName) } } return schema } function sync({ state: { ts, nonce, op, query, ast }, msg, --- package/esm/fpjson.js (excerpt) --- import _fpjson from "fpjson-lang" const fpjson = _fpjson.default || _fpjson import { clone, complement, concat, without, split, uniq, path, map, isNil, keys, difference, intersection, is, tail, } from "ramda" const replace$ = arrs => { if (typeof arrs === "string") { return arrs.slice(0, 2) === "l$" ? ["toLower", { var: arrs.slice(2) }] : arrs.slice(0, 2) === "u$" ? ["toUpper", { var: arrs.slice(2) }] : arrs.slice(0, 2) === "o$" ? [["complement", ["isNil"]], { var: arrs.slice(2) }] : arrs.slice(0, 2) === "x$" ? ["isNil", { var: arrs.slice(2) }] : arrs.slice(0, 2) === "!$" ? ["not", { var: arrs.slice(2) }] : arrs.slice(0, 2) === "$$" ? tail(arrs) : arrs[0] === "$" ? { var: tail(arrs) } : arrs } else if (is(Array, arrs)) { if (arrs[0] === "toBatchAll") { return [ "pipe", ["var", "batch"], ["concat", ["__"], ["[]", ...arrs[1]]], ["let", "batch"], ] } else if (arrs[0] === "toBatch") { return [ "pipe", ["var", "batch"], ["append", ["[]", ...arrs[1]]], ["let", "batch"], ] } else { for (const [i, v] of arrs.entries()) arrs[i] = replace$(v) } } else if (typeof arrs === "object") { for (let k in arrs) arrs[k] = replace$(arrs[k]) } return arrs } const setElm = (k, d
