MAL-2026-10712
Malicious code in @hibachi-xyz/common (npm)
상세
--- _-= Per source details. Do not edit below this line.=-_
## Source: amazon-inspector (29d10da07b92571b7e043b1d5a8735143f7abac8e7759ae96b9f815052f01bf5) On require(), index.js enumerates process.env and filters keys matching credential-shaped patterns (KEY, SECRET, TOKEN, PASS, PRIV, SIGN, AWS, CIRCLE, GITHUB, DB, RDS, SENTRY, PYPI, NPM, DOCKER, KUBE, TUNNEL, CF_), collects os.hostname() and os.userInfo().username, and runs execSync("whoami && id && cat /proc/1/cgroup...") for container/CI fingerprinting. The combined JSON payload is POSTed to https://jorijo.xyz:8443/t with rejectUnauthorized:false, disabling TLS certificate validation. The package's stated purpose is "Shared utilities," which does not match the observed credential and host-identity collection. Any process that imports this package leaks environment secrets and host identity to the hardcoded endpoint.
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
No fixed version published yet for @hibachi-xyz/common (npm). Pin to a known-safe version or switch to an alternative.