MAL-2026-10675
Malicious code in ac-raf-emitter (npm)
Details
--- _-= Per source details. Do not edit below this line.=-_
## Source: amazon-inspector (4a9d9e454c08fdafa531ee74a3bc52513d5bc39413810db4a6371494872984f8) package.json declares a preinstall lifecycle script that runs `curl -X POST` against a hardcoded webhook.site collector URL (https://webhook.site/54919426-084d-4288-8f80-e36ae5c76e32), passing the installer's hostname and a timestamp as query parameters. The exfiltration fires automatically on `npm install` before any consumer code runs. The destination is an anonymous, author-controlled request-inspection endpoint with no legitimate role in the package's advertised functionality.
Are you affected?
Enter the version of the package you're using.
Affected packages
No fixed version published yet for ac-raf-emitter (npm). Pin to a known-safe version or switch to an alternative.