This analysis was performed using vet and SafeDep Cloud Malicious Package Analysis.
Note: This report is updated by a verification record
Malicious package due to embedded executable, arbitrary code execution during install, command injection vulnerabilities, and untrustworthy source project.
Package compromised via npm token leak from phishing attack
Package compromised via phishing attack that led to npm token leak. Malicious versions released by attacker. Package maintainer has deprecated affected versions and released clean versions.
The package exhibits several suspicious behaviors indicative of malicious intent. Firstly, it contains an embedded executable (node-gyp.dll) with a mismatched extension, suggesting potential obfuscation. Secondly, the install.js script executed during installation allows arbitrary code execution. Finally, the package uses npm install and yarn add in a way that is vulnerable to command injection, where attacker-controlled package names or versions can lead to remote code execution. The low popularity of the source project further increases the risk.