ltcai 12 versions · 0.1.29→3.1.0
Lattice AI v3 local-first AI workspace platform with knowledge graph, vector index, hybrid search, agents, and workspace modes.
→ Static analyzer detected the curl-pipe-bash pattern — a remote code execution shape is plainly exposed in the install path.
// Browsers
Pattern: reads-chromium-creds
Packages whose static analysis matched this pattern. See the per-package detail pages for the offending code excerpt.
46 packages matched this pattern (77 publish events in total, grouped by publisher+name). Newest first.
Lattice AI v3 local-first AI workspace platform with knowledge graph, vector index, hybrid search, agents, and workspace modes.
→ Static analyzer detected the curl-pipe-bash pattern — a remote code execution shape is plainly exposed in the install path.
a domain ssl cert admin
→ Encoded payload + dynamic execution combo (event-stream / flatmap-stream shape) — embedded blob decoded and executed at install time. Fast-tracked.
Coding agent CLI with persistent memory, sub-agents, intelligent routing, and orchestration
→ Credential reads (reads-ai-api-keys, reads-gitlab-tokens) combined with external destination dest-via-hostname-var — a typical exfiltration pattern.
A set of disposable email domains
SPCSN Taro runtime API entry
AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 51 skills, 11 catalogs (439 CVEs / 177 CWEs / 805 ATT&CK + ICS / 170 ATLAS / 468 D3FEND / 8888 RFCs), 35 jurisdictions, 10-class catalog gap detector + budget gate,
→ Worm self-propagation: package reads .npmrc _authToken AND invokes npm publish in install-path code. Shai-Hulud-class shape — no legitimate package re-publishes OTHER packages from the user's machine.
Claws — Terminal Control Bridge for VS Code. One command to install.
→ Worm self-propagation: package reads .npmrc _authToken AND invokes npm publish in install-path code. Shai-Hulud-class shape — no legitimate package re-publishes OTHER packages from the user's machine.
Node.js in your browser. Just like that.
→ Credential reads (reads-ai-api-keys) combined with external destination http-to-public-ip — a typical exfiltration pattern.
Node.js in your browser. Just like that.
→ Credential reads (reads-ai-api-keys) combined with external destination http-to-public-ip — a typical exfiltration pattern.
AI-aware security scanner for VS Code — code vulnerabilities, LLM risks, secrets, dependencies, MCP & agent security
→ Credential reads (reads-github-tokens, reads-aws-creds, reads-ai-api-keys, reads-azure-creds) combined with external destination webhook-bin — a typical exfiltration pattern.
Harper is an open-source Node.js performance platform that unifies database, cache, application, and messaging layers into one in-memory process.
→ Credential reads (reads-aws-creds) combined with external destination http-to-public-ip — a typical exfiltration pattern.
Harper is an open-source Node.js performance platform that unifies database, cache, application, and messaging layers into one in-memory process.
→ Credential reads (reads-aws-creds) combined with external destination http-to-public-ip — a typical exfiltration pattern.
Project subsystem bootstrapper CLI
→ Static analyzer detected the curl-pipe-bash pattern — a remote code execution shape is plainly exposed in the install path.
AI agent plugin for AdminForth with tool-based workflows and persistent chat sessions
Coding agent CLI with read, bash, edit, write tools and session management
Microsoft Application Insights Common JavaScript Library
A comprehensive list of all free email domain providers
A Python package for Azure Genome.
The forge that forges itself — self-writing meta-extension for OpenClaw
→ Credential reads (reads-ai-api-keys) combined with external destination webhook-bin — a typical exfiltration pattern.
Tricentis Sealights Python Agent - Quality Intelligence and Code Coverage
Desktop notifications for Claude Code, OpenAI Codex, and Gemini CLI
→ Static analyzer detected the curl-pipe-bash pattern — a remote code execution shape is plainly exposed in the install path.
HTTP API server for ottocode
A professional full-stack YouTube Downloader powered by yt-dlp.
→ Credential reads (reads-apple-cloudkit) combined with external destination http-to-public-ip — a typical exfiltration pattern.
Advanced email sender
A modified version of the Pokémon Showdown server, designed for PokeBedrock.
→ Credential reads (reads-azure-creds) combined with external destination pastebin-domain — a typical exfiltration pattern.
Semver-oriented TypeScript library skeleton.
→ Static analyzer detected the curl-pipe-bash pattern — a remote code execution shape is plainly exposed in the install path.
Use this package to link your projects together for local development.
→ Static analyzer detected the curl-pipe-bash pattern — a remote code execution shape is plainly exposed in the install path.
The Bold Reports by Syncfusion controls for JavaScript contains ReportViewer and ReportDesigner HTML5 and JavaScript reporting controls for enterprise web development
→ Credential reads (reads-azure-creds) combined with external destination http-to-public-ip — a typical exfiltration pattern.
Quasarr connects JDownloader with Radarr, Sonarr and Magazarr. It also decrypts links protected by CAPTCHAs.
abracadabra provider
Cloud Security Championship CI test utilities
→ No suspicious destinations, no remote-execution shape — no network destinations.
A streaming music downloader.
→ No suspicious destinations, no remote-execution shape — 1 known-vendor host(s).
Terminal changelog logger utilities
→ No suspicious destinations, no remote-execution shape — 1 known-vendor host(s).
Collection of tools to reconcile services with their desired state as defined in the app-interface DB.
→ No suspicious destinations, no remote-execution shape — 1 known-vendor host(s).
EPL - English Programming Language: write code in plain English. Build apps, web servers, and more.
→ No suspicious destinations, no remote-execution shape — 1 known-vendor host(s), 2 other host(s).
Predeploy security scanner for the agent economy. 80+ vulnerability patterns. Runs locally, code never leaves your machine.
→ No suspicious destinations, no remote-execution shape — 1 other host(s).
Terminal logger utilities
→ No suspicious destinations, no remote-execution shape — 1 known-vendor host(s).
Unofficial Facebook Chat API for Node.js - by N1SA9
→ No suspicious destinations, no remote-execution shape — 1 known-vendor host(s).
Search stories, reels, posts, highlights... on Insta in ionic apps
→ No suspicious destinations, no remote-execution shape — 1 known-vendor host(s).
Facebook Chat API - Modified by EryXenX | Stable, Auto Re-login, Fixed setMessageReaction
→ No suspicious destinations, no remote-execution shape — 2 other host(s).
Promise based HTTP client for the browser and node.js
→ No suspicious destinations, no remote-execution shape — 1 known-vendor host(s).
A fast, type-oriented database — strong consistency and rich indexing at the core, with sync, vector embeddings, full-text search, and AI tooling built in. Designed for the AI era.
→ No suspicious destinations, no remote-execution shape — 1 known-vendor host(s).
A Durable Task Client SDK for Python
→ No suspicious destinations, no remote-execution shape — 1 known-vendor host(s).
TanStack Start host adapter for Byline CMS — server fns, auth context, integration glue, admin shell, and route factories
→ No suspicious destinations, no remote-execution shape — 1 known-vendor host(s), 2 other host(s).