HacktronAI

`{file_path}` enumerates the entire process.env object rather than reading a specific variable. Common precursor to exfiltrating GITHUB_TOKEN, AWS_*, and similar credentials.

▶ line 1: …on of `debug`.");le.colors=[6,2,3,4,5,1];try{let e=(ed(),Jp(Zs));e&&(e.stderr||e).level>=2&&(le.colors=[20,21,26,27,32,33,38,39,40,41,42,43,44,45,56,57,62,63,68,69,74,75,76,77,78,79,80,81,92,93,98,99,112,113,128,129,134,135,148,149,160,161,162,163,164,165,166,167,168,169,170,171,172,173,178,179,184,185,196,197,198,199,200,201,202,203,204,205,206,207,208,209,214,215,220,221])}catch{}le.inspectOpts=Object.keys(process.env).filter(e=>/^debug_/i.test(e)).reduce((e,a)=>{let t=a.substring(6).toLowerCase().replace(/_([a-z])/g,(p,r)=>r.toUpperCase()),i=process.env[a];return/^(yes|on|true|enabled)$/i.test(i)?i=!0:/^(no|off|false|disabled)$/i.test(i)?i=!1:i==="null"?i=null:i=Number(i),e[t]=i,e},{});function f4(){return"colors"in le.inspectOpts?!!le.inspectOpts.colors:u4.isatty(process.stderr.fd)}fun…

`{file_path}` imports `{module}` as `{binding}` but never references it. Often a sign that a payload was deleted from this file but the import was left behind.

▶ line 44: …ted===!0?super.onResponseError(e,this.reason):super.onResponseEnd(e,{})),!0}onResponseEnd(e,A){if(!this.#t){if(this.#r.aborted===!0){super.onResponseError(e,this.reason);return}super.onResponseEnd(e,A)}}};function _x({maxSize:t}={maxSize:1024*1024}){return e=>function(r,n){let{dumpMaxSize:s=t}=r,i=new Ih({maxSize:s,signal:r.signal},n);return e(r,i)}}Xp.exports=_x});var zp=y((mX,Kp)=>{"use strict";var{isIP:Px}=require("node:net"),{lookup:Vx}=require("node:dns"),Jx=wn(),{InvalidArgumentError:Ur,InformationalError:Wx}=X(),Ch=Math.pow(2,31)-1,Bh=class{#e=0;#t=new Map;constructor(e){this.#e=e.maxItems}get size(){return this.#t.size}get(e){return this.#t.get(e)??null}set(e,A){this.#t.set(e,A)}delete(e){this.#t.delete(e)}full(){return this.size>=this.#e}},ph=class{#e=0;#t=0;dualStack=!0;affinity=…