
MAL-2026-6354

Malicious code in npm-bug-bounty-test1-rhyselsmore (npm)

Details

--- _-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (354a2aa5da5356bab1c97537f865ebdf6af3fcc24f74a6f7c6f78181265c8af2)

package.json declares a dependency `foo` whose specifier is the URL `https://3223567a82f3.ngrok.app/foo`: an ephemeral, anonymous ngrok tunnel with no version pin and no integrity hash. npm treats such a specifier as a remote tarball, so on `npm install` it fetches whatever the tunnel currently serves, unpacks it into `node_modules`, and runs that tarball's lifecycle scripts (preinstall/install/postinstall) on the installer's machine. The tunnel operator can swap the served bytes at any time, so the package effectively delegates arbitrary code execution at install time to whoever controls the ngrok endpoint. The package itself has no functional surface: the declared `main: index.js` is absent from the tarball (which contains only a `foo` text file and `package.json`), so the only observable effect of installing it is the dependency-resolution fetch from the attacker-controlled tunnel. The package name suggests a bug-bounty proof of concept, but the install-time mechanism is identical to that of a real dropper. Note that `npm install --ignore-scripts` suppresses the lifecycle scripts but not the fetch, and a committed lockfile pins the fetched tarball's hash only if that lockfile was generated from a trusted install.


Affected packages

npm / npm-bug-bounty-test1-rhyselsmore

No fixed version exists for npm-bug-bounty-test1-rhyselsmore (npm): the package is malicious by design, so there is no known-safe version to pin to. Remove it from your dependency tree, and treat any host that ran `npm install` with it as having fetched and executed attacker-controlled code.
