VDB
KO

MAL-2026-10232

Malicious code in salesforce-vscode-slds (npm)

Details

The salesforce-vscode-slds package was published to the npm registry by user 'click2ai' (maintainer email privatek3m@protonmail.com) as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization (a Salesforce SLDS / Lightning Design System VS Code tooling namespace) so that a misconfigured resolver installs this public lookalike instead of the intended private dependency.

The package declares a preinstall hook ("npm install @sentry/node && node examples/verify.js") that executes automatically at npm install time, before any application code runs. The bundled examples/verify.js initializes the @sentry/node client against a hardcoded, attacker-controlled Sentry DSN with sendDefaultPii enabled, resolves the installing host's public egress IP address by requesting Cloudflare's /cdn-cgi/trace endpoint (using a spoofed desktop-browser User-Agent to bypass bot challenges), then deliberately triggers a runtime exception and captures it. Flushing the event beacons the collected host telemetry (public IP plus Sentry default PII such as hostname, OS username and runtime/environment metadata) to the attacker's Sentry ingest endpoint at o4510485815754752.ingest.us.sentry.io.

Each impersonated namespace in the campaign beacons to a distinct Sentry project ID, letting the operator attribute successful installs to specific victim organizations — behaviour consistent with a dependency-confusion reconnaissance beacon rather than legitimate error monitoring. The install-time payload is byte-for-byte identical across all packages published by this account, differing only in the package name and the target DSN. This package's beacon targets Sentry project 4511716882972672.

--- _-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (0917b0d6d85d4b6d865e8d7febb4b84fe2ef0d526d18c1d754706f3213b2a485) The package name mimics Salesforce's SLDS/VS Code ecosystem but ships no SLDS functionality; it is a generic Sentry uploader authored by an unrelated party. The `preinstall` script (`npm install @sentry/node && node examples/verify.js`) runs on `npm install`: `examples/verify.js` initializes Sentry with a hardcoded DSN (`https://d4616e08f531447bd415e91fd21940a6@o4510485815754752.ingest.us.sentry.io/4511716882972672`) and `sendDefaultPii: true`, fetches the installer's public IP from Cloudflare's `cdn-cgi/trace`, attaches it as `ip_address` on the Sentry user scope, deliberately throws to generate an event, and flushes to the hardcoded endpoint — so installing the package emits the developer's egress IP and process metadata to a Sentry project the installer does not own. The package `main` (`src/index.js`) also hardcodes the same DSN as `DEFAULT_DSN`, so any consumer calling `init()`/`check`/`wrap`/`reportError` without an explicit `dsn` or `SENTRY_DSN` silently routes their runtime errors and default PII to the same author-controlled project. The typosquat name is the lure for developers expecting a Salesforce package.

Are you affected?

Enter the version of the package you're using.

Affected packages

npm / salesforce-vscode-slds
Introduced in: 0

No fixed version published yet for salesforce-vscode-slds (npm). Pin to a known-safe version or switch to an alternative.

References