domain-admin@1.6.78
a domain ssl cert admin
→ Encoded payload + dynamic execution combo (event-stream / flatmap-stream shape) — embedded blob decoded and executed at install time. Fast-tracked.
// Code execution / obfuscation
pattern: function-constructor
Packages constructing and invoking new Function(...) at runtime. Equivalent to eval() — same hiding-the-payload pattern, common in obfuscated stealers.
18 packages flagged with this pattern (21 total publish events, collapsed by publisher+name). Newest first.
a domain ssl cert admin
→ Encoded payload + dynamic execution combo (event-stream / flatmap-stream shape) — embedded blob decoded and executed at install time. Fast-tracked.
Coding agent CLI with persistent memory, sub-agents, intelligent routing, and orchestration
→ Credential read (reads-ai-api-keys, reads-gitlab-tokens) paired with dest-via-hostname-var destination — classic exfiltration signature.
Node.js in your browser. Just like that.
→ Credential read (reads-ai-api-keys) paired with http-to-public-ip destination — classic exfiltration signature.
Node.js in your browser. Just like that.
→ Credential read (reads-ai-api-keys) paired with http-to-public-ip destination — classic exfiltration signature.
Coding agent CLI with read, bash, edit, write tools and session management
A decentralized NoSQL database powered by Arweave.
The forge that forges itself — self-writing meta-extension for OpenClaw
→ Credential read (reads-ai-api-keys) paired with webhook-bin destination — classic exfiltration signature.
QAECY UI Web Components
→ Encoded payload + dynamic execution combo (event-stream / flatmap-stream shape) — embedded blob decoded and executed at install time. Fast-tracked.
The Bold Reports by Syncfusion controls for JavaScript contains ReportViewer and ReportDesigner HTML5 and JavaScript reporting controls for enterprise web development
→ Credential read (reads-azure-creds) paired with http-to-public-ip destination — classic exfiltration signature.
Load node modules according to tsconfig paths, in run-time or via API.
→ No suspicious destination, no remote-exec shape — 1 other host(s).
Predeploy security scanner for the agent economy. 80+ vulnerability patterns. Runs locally, code never leaves your machine.
→ No suspicious destination, no remote-exec shape — 1 other host(s).
prettier-sdk is an opinionated code formatter
→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).
Generic frontend utilities for Node.js and browser environments
→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).
A fast, type-oriented database — strong consistency and rich indexing at the core, with sync, vector embeddings, full-text search, and AI tooling built in. Designed for the AI era.
→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).
A WASM binding of rust implementation for graph layout algorithms.
→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).
Geographic data editing tool based on L7
Select a one-, two-dimensional or irregular region using the mouse.
→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).
微信小程序f6组件
→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s), 1 other host(s).