// Code execution / obfuscation

new Function() dynamic code

패턴: function-constructor

Packages constructing and invoking new Function(...) at runtime. Equivalent to eval() — same hiding-the-payload pattern, common in obfuscated stealers.

4개 패키지에 이 패턴이 매칭됨. 최신순.

AUTO-PUBLISHED/npm/2024-09-06/MAL-2026-4058
@antv/layout-wasm@1.4.2
by iaaron
A WASM binding of rust implementation for graph layout algorithms.
function-constructorchild-process-spawn
→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).
weekly
—
/wk
llm verdict
benign 0.85
h-score
75
patterns
2
AUTO-PUBLISHED/npm/2024-03-29/MAL-2026-4039
@antv/l7-editor@1.1.13
by yanxiong
Geographic data editing tool based on L7
install-path-npm-publishclipboard-accesseval-dynamicfunction-constructor
weekly
76
/wk
h-score
75
patterns
4
size
AUTO-PUBLISHED/npm/2017-12-15/MAL-2026-3974
@antv/g2-brush@0.0.2
by simaq
Select a one-, two-dimensional or irregular region using the mouse.
→ sends tohttps://zenorocha.github.io/clipboard.js
reads-env-varsclipboard-accessfunction-constructorchild-process-spawnreads-homedir
→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).
weekly
—
/wk
AUTO-PUBLISHED/npm/2023-01-18/MAL-2026-3907
@antv/f6-wx@0.0.7
by openwayne
微信小程序f6组件
steals →Apple/CloudKit
reads-apple-cloudkitchild-process-spawnfunction-constructor
→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s), 1 other host(s).
weekly
—
/wk
llm verdict
benign 0.85

size

2.5 MB

versions

24

1.0 MB

versions

26

llm verdict

benign 0.85

h-score

75

patterns

5

versions

2

h-score

75

patterns

3

size

2.6 MB

versions

7

new Function() dynamic code

@antv/layout-wasm@1.4.2

@antv/l7-editor@1.1.13

@antv/g2-brush@0.0.2

@antv/f6-wx@0.0.7