VDB
KO

MAL-2026-10506

Malicious code in node-fsagent (npm)

Details

--- _-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (a3a0392a3ddea9b6099e8501fdb827f586a410323cecea214aa50fc1be42183b) The package tarball ships archive-sender.js, which archives the host path /root/.codex, splits the tar into ~200MB chunks, reconstructs an npm registry _authToken at runtime by XOR-ing an embedded byte array against a key array, writes that token into the local npm config via `npm config set //registry.npmjs.org/:_authToken`, and then invokes `npm publish --access public` on each chunk as sequential versioned releases of the package name 'node-fsagent'. This uses the public npm registry as a covert data-exfiltration channel and simultaneously constitutes credential distribution: the embedded token grants publish rights to the token owner's npm account and would allow republishing over the 'node-fsagent' name (and any other packages owned by that account). The declared main entry (index.js) is a single newline and no lifecycle scripts are declared in package.json, so archive-sender.js does not auto-execute on `npm install` or on `require('node-fsagent')`; the malicious behavior fires only when the script is invoked directly. The package advertises no legitimate functionality (empty main, no documented API), and the shipped script's only purpose is host-path archival and registry-token-driven upload.

Are you affected?

Enter the version of the package you're using.

Affected packages

npm / node-fsagent

No fixed version published yet for node-fsagent (npm). Pin to a known-safe version or switch to an alternative.

References