MAL-2026-10530
Malicious code in cbr-internal-utils (npm)
Details
--- _-= Per source details. Do not edit below this line.=-_
## Source: amazon-inspector (fa96f42fade399b9e73756e2abd62eafbfa11e2eb02fe1055d9c7e025fba4ab7) On module load, the package's main entrypoint shells out via child_process.exec to run `cat /etc/passwd` and prints the contents to stdout. This fires unconditionally when any consumer `require()`s the package — no user action or configuration is needed. The package has an internal-sounding name and empty author/description metadata, consistent with a dependency-confusion probe or reconnaissance payload rather than a legitimate library. Reading /etc/passwd serves no library purpose and enumerates local user accounts on the installer's host.
Are you affected?
Enter the version of the package you're using.
Affected packages
No fixed version published yet for cbr-internal-utils (npm). Pin to a known-safe version or switch to an alternative.