MAL-2026-4730

--- _-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (d65cdf836cae85d721f6a982c5941bd18037d4a3554ec4b69cd5828591ee0e20) wml-components@99.0.1 declares `preinstall: node poc.js` in package.json, so `npm install` automatically runs poc.js with no consent step. poc.js iterates `process.env` and captures every variable whose name matches credential-shaped prefixes (TOKEN, AWS, AZURE, NPM, GITHUB, GITLAB, CI_, JENKINS, WALMART, WMT, BUILD, PROJECT, REPO, etc.) with full values, runs host-recon commands (`ip a`/`ipconfig /all`, `id`/`whoami /all`, `os.hostname()`, `os.platform()`), and walks up the directory tree reading the parent project's package.json and CI configuration (`.gitlab-ci.yml`, `.github/workflows`, `Jenkinsfile`, `azure-pipelines.yml`). The collected bundle is POSTed over HTTPS to a hardcoded interactsh out-of-band callback host (`d8a5d9pon5bugoc35cngp9hcregcqyezu.oast.me`, poc.js:11 and poc.js:113). The package's `main` is an empty object — it provides no functionality and exists only to execute the exfiltration payload. The name and version (`wml-components@99.0.1`) are shaped as a dependency-confusion lure against an internal Walmart `wml-*` namespace, with the high version number designed to win resolution over the legitimate internal package. Although the package description claims authorized bug-bounty testing, any developer or CI system outside the intended scope that resolves this name (mistyped dependency, public-mirror automation, untargeted CI) leaks credentials, source-tree metadata, and host identifiers to the attacker-controlled OAST endpoint.