// npm package
@opensearch-project/opensearch
The official OpenSearch client for Node.js
versions
37
maintainers
3
license
Apache-2.0
first publish
2021-09-30
publisher
GitHub Actions
tarball
2,225,819 B
AUTO-PUBLISHED·1 version indexed·latest published 2026-04-27
// exfil path
what is read → where it ships
steals
- ○ home dir
- ○ system info
sends to
(no destination string extracted — payload may be dynamic / obfuscated)
evidence in excerpt
> "homepage": "https://www.opensearch.org/",
> * http://www.apache.org/licenses/LICENSE-2.0
> * http://www.apache.org/licenses/LICENSE-2.0
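// publisher campaign by GitHub Actions
9 caught packages from this account
This is not an isolated catch. The same publisher has shipped 8 other packages that our pipeline flagged — the shape of a coordinated campaign, not a one-off. Note that the publisher recorded here is "GitHub Actions", a label npm can show for releases published from a CI workflow, so packages grouped under it may belong to unrelated projects; confirm shared ownership before treating them as one campaign. Each link below opens that sibling's analysis.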
// offending code · @3.6.0 · 3 files flagged
llm: benign · 0.85 → No suspicious destination, no remote-exec shape — 3 other host(s).
- @3.6.0 · AUTO-PUBLISHED · publisher: GitHub Actions · heuristic 75/100 · static flags 5 · llm benign (0.85) via ollama · mature-package · has-source-repo · osv-flagged:MAL-2026-3434 · public-github-push · reads-env-vars · base64-decode · reads-homedir · reads-system-info
→ No suspicious destination, no remote-exec shape — 3 other host(s).
// offending code · 3 files flagged · patterns: 5
--- package/package.json (excerpt) --- { "name": "@opensearch-project/opensearch", "description": "The official OpenSearch client for Node.js", "main": "index.js", "types": "index.d.ts", "exports": { ".": { "require": "./index.js", "types": "./index.d.ts", "import": "./index.mjs" }, "./aws": "./lib/aws/index.js", "./aws-v3": "./lib/aws/index-v3.js", "./*": "./*" }, "typesVersions": { "*": { ".": [ "index.d.ts" ], "aws": [ "./lib/aws/index.d.ts" ], "aws-v3": [ "./lib/aws/index-v3.d.ts" ] } }, "files": [ "api/", "lib/", "index.d.ts", "index.js", "index.mjs", "README.md", "LICENSE.txt" ], "homepage": "https://www.opensearch.org/", "version": "3.6.0", "versionCanary": "7.10.0-canary.6", "keywords": [ "opensearch", "opensearchDashboards", "mapping", "REST", "search", "client", "index" ], "scripts": { "test": "npm run lint && tap test/{unit,acceptance}/{*,**/*,**/**/*}.test.js && npm run test:types", "test:unit": "tap test/unit/{*,**/*,**/**/*}.test.js", "test:acceptance": "tap test/acceptance/*.test.js", "test:integration": "node test/integration/index.js", "test:integration:helpers": "tap test/integration/helpers/*.test.js", "test:integration:helpers-secure": "tap test/integration/helpers-secure/*.test.js", "test:types": "tsd", "test:coverage-90": "tap test/{unit,acceptance}/{*,**/*,**/**/*}.test --- package/lib/Client.js (excerpt) --- /* * Copyright OpenSearch Contributors * SPDX-License-Identifier: Apache-2.0 * * The OpenSearch Contributors require contributions made to * this file be licensed under the Apache-2.0 license or a * compatible open source license. * */ /* * Licensed to Elasticsearch B.V. under one or more contributor * license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright * ownership. Elasticsearch B.V. licenses this file to you under * the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. 
* You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ 'use strict'; const { EventEmitter } = require('events'); const { URL } = require('url'); const debug = require('debug')('opensearch'); const Transport = require('./Transport'); const Connection = require('./Connection'); const { ConnectionPool, CloudConnectionPool } = require('./pool'); const Helpers = require('./Helpers'); const Serializer = require('./Serializer'); const errors = require('./errors'); const { ConfigurationError } = errors; const { --- package/lib/Transport.js (excerpt) --- /* * Copyright OpenSearch Contributors * SPDX-License-Identifier: Apache-2.0 * * The OpenSearch Contributors require contributions made to * this file be licensed under the Apache-2.0 license or a * compatible open source license. * */ /* * Licensed to Elasticsearch B.V. under one or more contributor * license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright * ownership. Elasticsearch B.V. licenses this file to you under * the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. 
*/ 'use strict'; const debug = require('debug')('opensearch'); const os = require('os'); const { gzip, unzip, createGzip } = require('zlib'); const buffer = require('buffer'); const ms = require('ms'); const { EventEmitter } = require('events'); const { ConnectionError, RequestAbortedError, NoLivingConnectionsError, ResponseError, ConfigurationError, } = require('./errors'); const noop = () => {}; const compatibleCheckEmitter = new EventEmit
