VDB
KO

MAL-2026-10609

Malicious code in utils-style-engine (npm)

Details

--- _-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (3049309c5f74bd1b453bcd51803cb7b8ddbbab2d3038f10d13e11a592dff6f52) The package declares a preinstall hook that runs index.js on npm install. index.js collects host identifiers (os.hostname(), os.userInfo(), uid/gid, shell, homedir, process.platform, cwd, and the output of `whoami`/`id` via child_process) and POSTs the collected data as JSON to a hardcoded external endpoint at https://mj9yg25wm8m4vnkrrok8lwcogfm6awyl.oastify.com/detox56 (a Burp Suite Collaborator subdomain). The package ships no other functionality: package.json has an empty description, empty author, no repository, and the generic name `utils-style-engine`; the only shipped file besides the manifest is the beacon script. The shape is consistent with a dependency-confusion / reconnaissance probe.

Are you affected?

Enter the version of the package you're using.

Affected packages

npm / utils-style-engine

No fixed version published yet for utils-style-engine (npm). Pin to a known-safe version or switch to an alternative.

References