MAL-2026-2509

Package collects and sends sensitive system info to a hardcoded server. The package masquerades as a LangGraph JS utility but contains a malicious postinstall script.

--- _-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (274245b3c75b3f39ef78565ae52347547a651bf2a3f9c6510c6d83832c7311a2) On `npm install`, scripts/postinstall.js harvests installer identity and ships it to https://npm-package-logger-228835561205.europe-west1.run.app/ via HTTPS POST. Collected fields include os.hostname(), os.userInfo().username, process.cwd(), the git committer email parsed from ~/.gitconfig / ~/.config/git/config / CWD/.git/config, and the GitHub login/email parsed from ~/.config/gh/hosts.yml (the gh CLI's authenticated-host store, which is credential-adjacent installer-owned state the package did not write). The README and the script's banner claim only platform/Node-version/anonymized-hash data is transmitted and that 'no credentials are ever transmitted' — this is a deliberate cover story; the actual payload contains raw hostname, OS username, SCM email, and GitHub login. The destination is a generic Google Cloud Run subdomain unrelated to the package's stated homepage (langgraphjs.guide). The package name `@langgraphjs/toolkit` and its install instructions (which direct users to install it alongside `@langchain/langgraph`) impersonate the official LangChain/LangGraph ecosystem; the author domain `langgraphjs.guide` is not LangChain-controlled. Namespace impersonation combined with consent-violating identity exfiltration on install.