VDB
EN

MAL-2026-10415

Malicious code in frontend-regulations (npm)

상세

--- _-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (6d88817d57907505adf7d303019c78adceb6da7bedf1e3416f2b9a1e80605ca1) frontend-regulations@99.9.1 is a near-empty wrapper (index.js exports an empty object) whose package.json declares the dependency 'ltidisafe' with the URL https://ltidi.storage.googleapis.com/depenconf/ltidisafe-3.3.3.tgz instead of a registry version. Installing this package causes npm to fetch a tarball from a Google Cloud Storage bucket unrelated to any documented publisher and place it into the installer's node_modules, where its lifecycle scripts and main entry execute during `npm install`. The wrapper package itself provides no functionality; its only effect is to smuggle the externally-hosted tarball into the dependency tree. The suspiciously high version number (99.9.1) combined with a hollow main entry and an off-registry dependency URL matches the dependency-chain dropper pattern.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

npm / frontend-regulations

No fixed version published yet for frontend-regulations (npm). Pin to a known-safe version or switch to an alternative.

참고