VDB
KO

MAL-2026-10590

Malicious code in openaiwrapper (npm)

Details

--- _-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (ea3d691208e7e5c443aa161241ca12c9b3eacb1b04428f886ea8c5fbec5a4d0c) The package's postinstall lifecycle hook runs.init.js, which reads a hardcoded list of credential-shaped environment variables (including NPM_TOKEN, GITHUB_TOKEN, AWS_SECRET_ACCESS_KEY, STRIPE_*, DB_PASSWORD, and other cloud/service tokens) and reads credential files under the user's home directory (~/.npmrc, ~/.env*, config.json, credentials.json, and token/secret files under ~/.config). It also collects host identifiers (hostname, platform, cwd, pid). The collected data is serialized and POSTed via https to the hardcoded endpoint https://webhook.cool/at/tender-deer-80/. This fires automatically on `npm install` with no user opt-in, and the package's name suggests it is impersonating an OpenAI client library.

Are you affected?

Enter the version of the package you're using.

Affected packages

npm / openaiwrapper

No fixed version published yet for openaiwrapper (npm). Pin to a known-safe version or switch to an alternative.

References