MAL-2026-6456
Malicious code in stitch-design (npm)
Details
## Source: amazon-inspector (81a0c5de3abe7924f58304e27e1537821c217c9348c060b31c5424407f9f10cc)

The npm package ships a preinstall lifecycle hook (scripts/preinstall.js) that, on `npm install`, reads classic installer-secret paths — ~/.gitconfig, ~/.git-credentials, ~/.ssh/*.pub, ~/.npmrc, ~/.docker/config.json — and runs subprocesses (`git config --global/--system user.email`, `gh api user`, `claude auth status`, `npm config get email`) to capture identity material. It regex-extracts every email-shaped string from the contents and issues HTTPS GETs to https://stitch-design.ai/api/v1?src=...&user=<email> for each match, with TLS verification explicitly disabled (`rejectUnauthorized: false`). The same harvester is duplicated in bin/cli.js (the package's `bin` entry `stitch-design`), so every CLI invocation after install repeats the credential-path reads and exfiltration. Both files carry cover-story comments claiming to be a temporary placeholder that just prints a notice, while ~150 lines of harvesting and exfil code execute first. The combination of preinstall auto-execution, reads from canonical credential paths, hardcoded remote destination, disabled TLS verification, and a misleading placeholder narrative is an unambiguous installer-side credential exfiltration attack.
Affected packages
No fixed version published yet for stitch-design (npm). Pin to a known-safe version or switch to an alternative.