VDB
EN

MAL-2026-10626

Malicious code in @react-case/option (npm)

상세

--- _-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (c4beffda94b8ea554f153faaf508da7906f78d821d45d2fca7b7b61180740269) The package's main entrypoint (index.js) is heavily obfuscated with a string-array + RC4-style decoder that reconstructs all API names and the target URL at runtime. On module load it requires fs, os, path, crypto, and child_process, performs an HTTP GET against the runtime-reconstructed remote host, splits the response on ':', decrypts the parts with createDecipheriv using a hardcoded key/IV, writes the resulting bytes to a file under os.homedir(), and executes that file via child_process with cwd set to the user's home directory and windowsHide:true. The package ships no README, has an empty description and empty author metadata, and there is no legitimate library functionality — the only effect of requiring it is fetch-decrypt-write-exec of attacker-controlled code on the installer's machine.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

npm / @react-case/option

No fixed version published yet for @react-case/option (npm). Pin to a known-safe version or switch to an alternative.

참고