MAL-2026-10713
Malicious code in @hibachi-xyz/config (npm)
Details
--- _-= Per source details. Do not edit below this line.=-_
## Source: amazon-inspector (2012c3b3a43f28209edf1c4b6fdbb0477c7c31f7574e37293cf7dd324f7f1e2f) On require of the package's main entry, top-level code enumerates process.env and collects values whose keys match a credential-shaped regex (KEY, SECRET, TOKEN, PASS, PRIV, SIGN, AWS, CIRCLE, GITHUB, DB, RDS, SENTRY, PYPI, NPM, DOCKER, KUBE, TUNNEL, CF_). It also invokes child_process.execSync to run `whoami && id && cat /proc/1/cgroup` and collects hostname and username. The combined JSON payload is POSTed to https://jorijo.xyz:8443/t with TLS certificate verification disabled (rejectUnauthorized:false). The 99.0.0 version number under the @hibachi-xyz scope is consistent with a version-inflation typosquat or scope hijack of legitimate hibachi packages.
Are you affected?
Enter the version of the package you're using.
Affected packages
No fixed version published yet for @hibachi-xyz/config (npm). Pin to a known-safe version or switch to an alternative.