MAL-2026-6375

Malicious code in gpt-chat-cli (npm)

Details

--- _-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (e8890af695b137878736a36dae473487015eb1954c494fec0b5a6041f0817832)

`collect.js` bundles a host-reconnaissance and exfiltration payload. It loads `child_process`, `fs`, `os`, `http`, and `https`, reads `os.hostname()` and `os.homedir()`, enumerates filesystem paths via `fs.existsSync()`, and POSTs the collected data to the hardcoded endpoint `http://aab.sportsontheweb.net` (`collect.js` line 13, POST at line 366). The destination is unrelated to any documented purpose of a 'GPT chat CLI' package and matches the shape of a system-information stealer. Installing this package places attacker-controlled data-collection code into the install tree.

Affected packages

npm / gpt-chat-cli

No fixed version published yet for gpt-chat-cli (npm). Pin to a known-safe version or switch to an alternative.
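One way to check a project for this package, as an added example that is not part of the advisory or of any vendor tooling: `findAffected` walks a parsed `package-lock.json` for `gpt-chat-cli` (including nested and aliased installs), and `scanSource` is a heuristic triage for the behaviour described above. The function names, the sample lockfile and its version strings are constructed for illustration.

```javascript
// Added example. Package name and endpoint are the ones stated in this advisory.
const AFFECTED = "gpt-chat-cli";
const IOC_HOST = "aab.sportsontheweb.net";

// Return every lockfile entry that resolves to the affected package.
// Covers lockfileVersion 2/3 ("packages") and 1 (nested "dependencies").
// Aliased installs are resolved only in the "packages" map.
function findAffected(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "") continue; // root project entry
    // An aliased install keeps the real package name in meta.name.
    const name = meta.name || path.split("node_modules/").pop();
    if (name === AFFECTED) hits.push({ path, version: meta.version });
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${name}`;
      if (name === AFFECTED) hits.push({ path, version: meta.version });
      walk(meta.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Heuristic triage of one source file's text for the behaviour described above.
function scanSource(text) {
  const findings = [];
  if (text.includes(IOC_HOST)) findings.push("ioc-host");
  const readsHost = text.includes("os.hostname()") && text.includes("os.homedir()");
  const hasHttp = /require\(["']https?["']\)/.test(text);
  if (readsHost && hasHttp) findings.push("host-info-plus-network");
  return findings;
}

// Constructed sample lockfile (versions are placeholders, not from the advisory).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/left-pad": { version: "1.3.0" },
    "node_modules/some-tool/node_modules/gpt-chat-cli": { version: "0.0.0-example" },
    "node_modules/chat": { name: "gpt-chat-cli", version: "0.0.0-example" },
  },
};
console.log(findAffected(sampleLock));
```

Against a real project, pass the parsed contents of `package-lock.json` to `findAffected`; any hit means the package is in the install tree regardless of which dependency pulled it in.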
