MAL-2026-10589
Malicious code in nodeaxois (npm)
상세
--- _-= Per source details. Do not edit below this line.=-_
## Source: amazon-inspector (ebf1f3f7342689c11ad7e8c17a1c584fe3ce15615db82868b289d9613b48a41a) The package declares scripts.postinstall: node.init.js, which runs automatically on npm install. The.init.js script collects host metadata (os.hostname(), os.platform(), process.cwd(), process.pid, timestamp), enumerates approximately 60 credential-shaped environment variables (NPM_TOKEN, GITHUB_TOKEN, AWS_SECRET_ACCESS_KEY, STRIPE_*, DOCKER_*, CLOUDFLARE_*, GCP, etc.), reads ~/.npmrc, ~/.env*, ~/config.json, ~/credentials.json, and files under ~/.config/ whose names contain token/cred/secret, and POSTs the aggregated JSON to a hardcoded https://webhook.cool/at/tender-deer-80/ endpoint. The package's index.js exports an empty object; the tarball provides no legitimate functionality. The name is a likely typosquat of axios.
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
No fixed version published yet for nodeaxois (npm). Pin to a known-safe version or switch to an alternative.