MAL-2026-10588
Malicious code in momenntjs (npm)
상세
--- _-= Per source details. Do not edit below this line.=-_
## Source: amazon-inspector (6aae445dd0b77bd7409820067097404e4ccb16d658e7911c7c4e659146fdfad4) momenntjs is a typosquat of momentjs whose package.json postinstall hook runs `node.init.js`. On `npm install`,.init.js enumerates roughly 60 credential-shaped environment variables (including NPM_TOKEN, GITHUB_TOKEN, AWS_SECRET_ACCESS_KEY, STRIPE_*, DB_PASSWORD, SSH_KEY, GCP/AZURE/Cloudflare tokens, and TWINE credentials) and reads home-directory credential files including ~/.npmrc, ~/.env*, config/credentials.json, and files under ~/.config matching token/cred/secret patterns. It also collects host identifiers (os.hostname(), os.platform(), process.cwd(), process.pid) and POSTs the combined JSON payload to a hardcoded webhook.cool inbox at tender-deer-80. The package provides no legitimate functionality matching its name.
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
No fixed version published yet for momenntjs (npm). Pin to a known-safe version or switch to an alternative.