VDB
EN

MAL-2026-10413

Malicious code in eth-base (npm)

상세

--- _-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (bcc98bc680f3d0b8c6dcf396d9f2425a5153658259014384cedf82698413755b) The published lib/index.js contains ~60KB of obfuscated JavaScript appended after a copy of the legitimate web3.js web3-core-subscriptions module. On require(), the appended IIFE loads axios, issues an HTTPS request to a URL reconstructed at runtime from custom base-85 alphabets, and on a specific response constructs `new Function('require', <remote-token>)(require)` to execute attacker-supplied JavaScript in-process with full Node require access. The corresponding src/index.js is the clean upstream module, indicating the payload was injected only into the shipped build. The package name and description impersonate a web3.js helper (LGPL header still credits Fabian Vogelsteller <fabian@ethereum.org>) while the repository field is empty. Consumers who require this package receive arbitrary code execution on the installing host at load time.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

npm / eth-base

No fixed version published yet for eth-base (npm). Pin to a known-safe version or switch to an alternative.

참고