MAL-2026-5746

--- _-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (d631443367624273d8b7d3347b2e173a72f3f7447424f25424dab8e68c4b1a25) package.json wires both preinstall and postinstall to `node callback.js`, which auto-executes on `npm install`. callback.js collects username, uid/gid, hostname, home directory, cwd, local network interfaces, and the external IP (fetched from api.ipify.org). It enumerates CI metadata (GITHUB_REPOSITORY, GITHUB_ACTOR, GITLAB_USER_LOGIN, JENKINS_URL, BUILD_NUMBER, etc.) and probes for the presence of AWS_ACCESS_KEY_ID, GITHUB_TOKEN, NPM_TOKEN, and DOCKER_PASSWORD in the environment. The aggregated JSON is POSTed to a hardcoded Discord webhook (discord.com/api/webhooks/1515440532359352331/...). A secondary covert channel base64-encodes package name, username, hostname, and a timestamp into a DNS subdomain and issues a `dns.resolve` query to leak the data when HTTP egress is restricted. The package is published at version 999.0.0 under a generic shared-library name — the canonical dependency-confusion shape designed to outrank internal `xy-shared` packages in resolvers that mix public and private registries. Self-described 'PoC' framing does not change the installer-side impact: any build that resolves this package leaks identity and CI-secret-presence flags to an attacker-controlled endpoint.