// npm package
iterable.int
Iterate over ints.
Versions
3
Maintainers
1
License
SEE LICENSE IN license.md
First published
2022-12-23
publisher
oresoftware
tarball
6,950 B
AUTO-PUBLISHED · 1 version indexed · latest publish: 2026-06-03
// exfil path
what is read → where it ships
steals
- ○ system info
sends to
- ⚙ curl | bash (fetches + executes remote payload)
// publisher campaign by oresoftware
3 packages caught from this account. This is not an isolated catch: the same publisher released 2 further packages, and the pipeline caught all of them, the shape of an organized campaign rather than a one-off. The links below lead to the analysis of each sibling catch.
// offending code · @0.1.114 · 2 files flagged
llm: malicious · 0.95 → the static analyzer detected a curl-pipe-bash pattern; the install path exposes a remote code execution shape outright.
- @0.1.114 · AUTO-PUBLISHED · publisher: oresoftware · heuristic 89/100 · static flags 3 · llm malicious (0.95) via fast-track · install-scripts:postinstall · new-publisher:0d · has-source-repo · publisher-multi-name-burst:5 · publisher-version-pump:6 · public-github-push · reads-system-info · curl-pipe-bash
→ the static analyzer detected a curl-pipe-bash pattern; the install path exposes a remote code execution shape outright.
// offending code · 2 files flagged · patterns: 3
--- install scripts ---
### postinstall
./assets/postinstall.sh

--- package/package.json (excerpt) ---
{
  "name": "iterable.int",
  "version": "0.1.114",
  "description": "Iterate over ints.",
  "main": "dist/main.js",
  "types": "dist/main.d.ts",
  "typings": "dist/main.d.ts",
  "scripts": {
    "build": "tsc -p tsconfig.json",
    "test": "npm run build && scripts/test.sh",
    "postinstall": "./assets/postinstall.sh",
    "tsc": "tsc -p tsconfig.json"
  },
  "repository": {
    "type": "git",
    "url": "git+https://github.com/ORESoftware/iterable.int.git"
  },
  "keywords": [
    "typescript",
    "library",
    "skeleton",
    "scaffold"
  ],
  "author": "Olegzandr V.D.",
  "license": "SEE LICENSE IN license.md",
  "bugs": {
    "url": "https://github.com/ORESoftware/iterable.int/issues"
  },
  "homepage": "https://github.com/ORESoftware/iterable.int#readme",
  "dependencies": {
    "express": "^4.18.2"
  },
  "devDependencies": {
    "@types/express": "^4.17.15",
    "@types/node": "^12.7.2",
    "typescript": "^5.9.3"
  },
  "r2g": {
    "test": "node .r2g/tests/phase-contract.cjs --phase-z"
  }
}

--- package/assets/postinstall.sh (excerpt) ---
#!/usr/bin/env sh

# note: we must use sh instead of bash, it's more cross-platform
# for example in Alpine linux images/containers, etc

set -e;

if [ "$skip_postinstall" = "yes" ]; then
  # TODO rename 'skip_postinstall' to something more specific
  echo "skipping postinstall routine.";
  exit 0;
fi

export FORCE_COLOR=1;
export skip_postinstall="yes"; # TODO rename 'skip_postinstall' to something more specific

mkdir -p "$HOME/.oresoftware/bin" || {
  echo "Could not create .oresoftware dir in user home.";
  exit 1;
}

(
  echo 'Installing run-tsc-if on your system.';
  curl -H 'Cache-Control: no-cache' -s -S -o- 'https://raw.githubusercontent.com/oresoftware/run-tsc-if/master/install.sh' | bash || {
    echo 'Could not install run-tsc-if on your system. That is a problem.';
    exit 1;
  }
) 2> /dev/null

if [ "$(uname -s)" != "Darwin" ]; then
  exit 0;
fi

if [ ! -f "$HOME/.oresoftware/bin/realpath" ]; then
  (
    curl --silent -o- 'https://raw.githubusercontent.com/oresoftware/realpath/master/assets/install.sh' | bash || {
      echo "Could not install realpath on your system.";
      exit 1;
    }
  )
fi

# the end of the postinstall script
