// npm package
@augustdigital/sdk
JS SDK powering the August Digital ecosystem.
versions
479
maintainers
5
license
MIT
first publish
2024-06-27
publisher
angello-in-august
tarball
1,669,116 B
AUTO-PUBLISHED·1 version indexed·latest published 2026-06-03
// exfil path
what is read → where it shipssteals
- ● Slack tokens
- ● npm token
- ● Seed phrase
sends to
(no destination string extracted — payload may be dynamic / obfuscated)
evidence in excerpt
> const REGISTRY_URL = `https://registry.npmjs.org/${NPM_PACKAGE}/latest`;
> export declare const DEFAULT_SLACK_WEBHOOK_URL = "T04CM84GAV6/B0A2DS3ST8C/FLtOA3Jna3FN7UO4DoGxHfhG";
> exports.SLACK = exports.DEFAULT_SLACK_WEBHOOK_URL = void 0;
> exports.DEFAULT_SLACK_WEBHOOK_URL = 'T04CM84GAV6/B0A2DS3ST8C/FLtOA3Jna3FN7UO4DoGxHfhG';
> const webhookUrl = `https://hooks.slack.com/services/${slackWebookUrl}`;// offending code· @7.0.1· 4 files flagged
- @7.0.1··AUTO-PUBLISHED·publisher: angello-in-augustheuristic 64/100static flags 4llm skippednew-publisher:0dmature-packagepublisher-multi-name-burst:3publisher-version-pump:8reads-slack-tokensreads-env-varsreads-npmrcreads-seed-phrase
// offending code· 4 files flaggedpatterns: 4
--- package/lib/services/subgraph/vaults.js (excerpt) --- "use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.isOldSubgraphSchema = isOldSubgraphSchema; exports.getSubgraphWithdrawRequests = getSubgraphWithdrawRequests; exports.getSubgraphWithdrawProccessed = getSubgraphWithdrawProccessed; exports.getSubgraphAllWithdrawals = getSubgraphAllWithdrawals; exports.getSubgraphUserHistory = getSubgraphUserHistory; exports.getSubgraphVaultHistory = getSubgraphVaultHistory; exports.getSubgraphUserTransfers = getSubgraphUserTransfers; const slack_1 = require("../../core/logger/slack"); const fetcher_1 = require("./fetcher"); const core_1 = require("../../core"); const fetcher_2 = require("../../modules/vaults/fetcher"); const GOLDSKY_API_KEY = 'cmd0lz6qf35lg01ty7u20aijy'; function needsMonadSuffix(chainId, symbol) { return chainId === 143 && symbol.toLowerCase() === 'earnausd'; } function transformUserHistory(data, chainId, decimals, poolAddress) { return [ ...(data.withdraws?.map((item) => ({ ...item, contractId_: item.contractId_ || poolAddress, address: item.receiver, amount: item.assets, chainId: chainId, type: 'withdraw-processed', transactionHash: item.transactionHash_, timestamp: item.timestamp_, decimals: decimals, isInstant: true, })) || []), ...(data.withdrawalRequesteds?.map((item) => ({ ...item, contractId_: item.contractId_ --- package/lib/core/version-check.js (excerpt) --- "use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.compareSemver = compareSemver; exports.runVersionCheck = runVersionCheck; exports._resetVersionCheckForTests = _resetVersionCheckForTests; let hasRunCheck = false; const NPM_PACKAGE = '@augustdigital/sdk'; const REGISTRY_URL = `https://registry.npmjs.org/${NPM_PACKAGE}/latest`; const REQUEST_TIMEOUT_MS = 5000; function getInstalledVersion() { try { const mod = require('./analytics/version'); const v = mod.SDK_VERSION; if (!v || v === 'development') return null; return v; } catch { return null; } } function readEnv(name) { try { if (typeof process !== 'undefined' && process.env) { return process.env[name]; } } catch { } return undefined; } function compareSemver(a, b) { const stripPre = (v) => v.split('-')[0]; const parse = (v) => stripPre(v) .split('.') .map((part) => { const n = Number.parseInt(part, 10); return Number.isFinite(n) ? n : 0; }); const aParts = parse(a); const bParts = parse(b); const len = Math.max(aParts.length, bParts.length); for (let i = 0; i < len; i++) { const av = aParts[i] ?? 0; const bv = bParts[i] ?? 0; if (av !== bv) return av - bv; } return 0; } function runVersionCheck(config) { if (hasRunCheck) return; hasRunCheck = true; if (c --- package/lib/core/logger/slack.d.ts (excerpt) --- export declare const DEFAULT_SLACK_WEBHOOK_URL = "T04CM84GAV6/B0A2DS3ST8C/FLtOA3Jna3FN7UO4DoGxHfhG"; declare function error(options: { title: string; error: string; poolAddress: string; chainId: number; slackWebookUrl: string; address?: string; }): void; export declare const SLACK: { error: typeof error; }; export {}; --- package/lib/core/logger/slack.js (excerpt) --- "use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.SLACK = exports.DEFAULT_SLACK_WEBHOOK_URL = void 0; const core_1 = require("../helpers/core"); const explorer_link_1 = require("../helpers/explorer-link"); const sanitize_1 = require("../analytics/sanitize"); exports.DEFAULT_SLACK_WEBHOOK_URL = 'T04CM84GAV6/B0A2DS3ST8C/FLtOA3Jna3FN7UO4DoGxHfhG'; function error(options) { const { title, error, poolAddress, chainId, slackWebookUrl, address } = options; if (!slackWebookUrl) { return; } if (!error) { console.error('#Slack.error: error is undefined'); return; } if (!poolAddress) { console.error('#Slack.error: poolAddress is undefined'); return; } if (!title) { console.error('#Slack.error: type is undefined'); return; } if (!address) { console.error('#Slack.error: address is undefined'); return; } if (!chainId) { console.error('#Slack.error: chainId is undefined'); return; } (async () => { const webhookUrl = `https://hooks.slack.com/services/${slackWebookUrl}`; const safeError = (0, sanitize_1.sanitizeString)(String(error)); const safeTitle = (0, sanitize_1.sanitizeString)(String(title)); const data = { text: `*Error: ${safeTitle}*\n${new Date().toUTCString()}\n\nPool: [${(0, core_1.truncate)(poolAddress)}](${(0, explorer_link_1.explorerLink)(poolAddress, chainId,
