MAL-2026-10413
Malicious code in eth-base (npm)
상세
--- _-= Per source details. Do not edit below this line.=-_
## Source: amazon-inspector (bcc98bc680f3d0b8c6dcf396d9f2425a5153658259014384cedf82698413755b) The published lib/index.js contains ~60KB of obfuscated JavaScript appended after a copy of the legitimate web3.js web3-core-subscriptions module. On require(), the appended IIFE loads axios, issues an HTTPS request to a URL reconstructed at runtime from custom base-85 alphabets, and on a specific response constructs `new Function('require', <remote-token>)(require)` to execute attacker-supplied JavaScript in-process with full Node require access. The corresponding src/index.js is the clean upstream module, indicating the payload was injected only into the shipped build. The package name and description impersonate a web3.js helper (LGPL header still credits Fabian Vogelsteller <fabian@ethereum.org>) while the repository field is empty. Consumers who require this package receive arbitrary code execution on the installing host at load time.
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
No fixed version published yet for eth-base (npm). Pin to a known-safe version or switch to an alternative.