Static pattern: child-process-spawn

stripe-internal-utils@1.0.0

Full RCE PoC -osama

→ 의심 전송지로 발송: wvmjioytxqdcokzvflqjv6v35ug1nfyjl.oast.fun.

did-00916 versions·11.0.5→11.1.8

xxx

→ 의심 전송지로 발송: tjalcgvzuaojvayjfdfh1rtb4ojaobofs.oast.fun.

collected-forms-embed-js3 versions·1.0.1→1.0.5

Full RCE PoC - Alex Birsan Style

→ 의심 전송지로 발송: wvmjioytxqdcokzvflqjv6v35ug1nfyjl.oast.fun.

pipeline-check@1.1.0

CI/CD Security Posture Scanner — scores AWS, Terraform, CloudFormation, GitHub Actions, GitLab CI, Azure DevOps, Bitbucket Pipelines, Jenkins, CircleCI, Google Cloud Build, Buildkite, Drone CI, Tekton, Argo Workflows, Dockerfile, Kubernetes manifests, Helm charts, OCI image manifests, SCM repo posture (GitHub / GitLab / Bitbucket), npm and pypi dependency files against OWASP Top 10 CI/CD Risks and 14 other compliance frameworks

→ Worm self-propagation: package reads .npmrc _authToken AND invokes npm publish in install-path code. Shai-Hulud-class shape — no legitimate package re-publishes OTHER packages from the user's machine.

env-security-scanner@1.6.0

MCP server for environment security auditing. Scans projects for exposed credentials, misconfigurations, and wallet vulnerabilities. Recommended by the Web3 security community. Part of the DeFi Security Alliance toolchain.

→ 의심 전송지로 발송: webhook.site.

openclaw-cn@0.2.0

Openclaw 中文版 - WhatsApp gateway CLI (Baileys web) with Pi RPC agent

→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s), 1 other host(s).

jest-electron@0.1.12

Easiest way to run jest unit test cases in electron.

→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).

@openclaw-cn/toutiao-ops@1.1.4

今日头条创作者平台运营自动化 CLI — 支持多账号管理、文章/视频/微头条发布、评论管理、数据分析、创作灵感获取

→ 의심 전송지 없음, 원격 실행 형태 없음 — 2 other host(s).

@lint-md/core@2.0.0

Core of lint-md which used to lint your markdown file for Chinese.

→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).

@antv/x6-common@2.0.17

Basic toolkit for X6

→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).

@antv/wx-f2@2.1.1

F2 for weixin mini-program

→ 의심 전송지 없음, 원격 실행 형태 없음 — 3 known-vendor host(s).

@antv/vendor@1.0.11

Vendored dependencies to fix ERR_REQUIRE_ESM.

→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).

@antv/util@3.3.11

<h1 align="center">@antv/util</h1>

→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).

@antv/torch@1.0.6

torchjs for @antv.

→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).

@antv/stat@0.0.2

the Grammar of Graphics in Javascript

→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).

@antv/narrative-text-vis@0.3.16

React component of interactive narrative text

→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).

@antv/narrative-text-schema@0.3.7

Json schema of narrative text visualization

→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).

@antv/my-f2@2.1.7

F2 for alipay mini-program

→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).

@antv/my-f2-pc@0.1.1

F2 for alipay mini-program

→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s), 1 other host(s).

@antv/lite-insight@2.1.1

A lite js library for insights retrieval.

→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).

@antv/layout-wasm@1.4.2

A WASM binding of rust implementation for graph layout algorithms.

→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).

@antv/l7-utils@2.25.10

Utils for L7

→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).

@antv/infographic@0.2.19

An Infographic Generation and Rendering Framework, bring words to life!

→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).

@antv/g2-brush@0.0.2

Select a one-, two-dimensional or irregular region using the mouse.

→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).

@antv/g-plugin-device-renderer@2.6.1

A G plugin of renderer implementation with GPUDevice

→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s), 1 other host(s).

@antv/g-device-api@1.6.13

A Device API references WebGPU implementations

→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).

@antv/f6-wx@0.0.7

微信小程序f6组件

→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s), 1 other host(s).

@antv/f6-ui@1.0.3

UI system for @antv/f6

→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s), 1 other host(s).

@antv/f6-alipay@0.0.7

支付宝小程序F6组件

→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).

@antv/f2-wx@4.0.51

F2 for weixin mini-program

→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).

@antv/f2-my@4.0.52

F2 for alipay mini-program

→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).

@antv/f2-canvas@1.0.5

微信小程序 F2 图表组件

→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).

@antv/f-wx@1.10.0

FEngine for weixin mini-program

→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).

@antv/f-my@1.10.0

FEngine for alipay mini-program

→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).

@antv/dipper-map@1.0.10

在线 Demo 地址: https://antv.vision/DipperMap/demo

→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s), 1 other host(s).

@antv/data-set@0.11.8

data set with state management

@antv/d3-interpolate@1.0.3

Interpolate numbers, colors, strings, arrays, objects, whatever!

→ 의심 전송지 없음, 원격 실행 형태 없음 — 3 known-vendor host(s), 2 other host(s).

@antv/d3-color@1.0.0

Color spaces! RGB, HSL, Cubehelix, Lab and HCL (Lch).

→ 의심 전송지 없음, 원격 실행 형태 없음 — 2 known-vendor host(s), 1 other host(s).

@antv/component@2.1.11

Visualization components for AntV, based on G.

→ 의심 전송지 없음, 원격 실행 형태 없음 — 3 known-vendor host(s).

@antv/color-util@2.0.6

A common util collection for antv projects

→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).

@antv/chart-linter@1.1.6

ChartLinter

→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).

@antv/ava@3.6.0-alpha.0

A framework for automated visual analytics.

→ 의심 전송지 없음, 원격 실행 형태 없음 — 2 known-vendor host(s).