MAL-2026-5983
Malicious code in metrics-probe-dc85 (npm)
Details
## Source: amazon-inspector (aaa3316d23c1a348fb5c68a36eb775ca51f90d0e44973508dd5a8ba5a139e932)

package.json declares `postinstall: node run.js`, so run.js executes automatically when the package is installed. run.js imports `os`, `fs`, `http`, `https`, and `child_process`, collects host identity via `os.hostname()` and `os.platform()`, reads from the local filesystem, and POSTs the gathered data over HTTP/HTTPS. The combination of automatic install-time execution, host-identity enumeration, filesystem reads, and outbound POST traffic is the canonical install-time host-fingerprinting / exfiltration pattern. Installing this package causes the installer's machine identity and local file content to be sent to a remote endpoint without consent.
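The install-time pattern in this finding can be triaged statically, before any install runs. The following is an added example, not code from the advisory or from Amazon Inspector: the function name `auditInstallHooks`, the signal regexes, the `block`/`review` verdicts and the fixtures are assumptions constructed for illustration.

```javascript
const HOOKS = ['preinstall', 'install', 'postinstall'];
const SIGNALS = {
  hostIdentity: /\bos\s*\.\s*(hostname|platform)\s*\(/,
  fileRead: /\b(readFileSync|readFile|createReadStream|readdirSync)\s*\(/,
  outboundPost: /method\s*:\s*['"]POST['"]/i,
  childProcess: /require\(\s*['"](node:)?child_process['"]\s*\)|from\s+['"](node:)?child_process['"]/,
};

// pkg: parsed package.json; files: { relativePath: sourceText } for the package's files.
function auditInstallHooks(pkg, files) {
  const findings = [];
  for (const hook of HOOKS) {
    const cmd = (pkg.scripts || {})[hook];
    if (!cmd) continue;
    // Only `node <file>` commands are resolved; any other hook is reported unresolved for review.
    const m = /^\s*node\s+(?:\.\/)?(\S+)/.exec(cmd);
    const target = m ? m[1] : null;
    const src = target && Object.prototype.hasOwnProperty.call(files, target) ? files[target] : null;
    const signals = src === null ? [] : Object.keys(SIGNALS).filter((k) => SIGNALS[k].test(src));
    const exfilShape = ['hostIdentity', 'fileRead', 'outboundPost'].every((s) => signals.includes(s));
    findings.push({ hook, cmd, target, resolved: src !== null, signals,
      verdict: exfilShape ? 'block' : 'review' });
  }
  return findings;
}

// Constructed fixtures (not the real package contents): inert text carrying the same markers.
const SAMPLE_PKG = { name: 'sample-flagged', scripts: { postinstall: 'node run.js' } };
const SAMPLE_FILES = { 'run.js': [
  "const os = require('os'), fs = require('fs');",
  "const https = require('https'), cp = require('child_process');",
  "const id = [os.hostname(), os.platform()];",
  "const data = fs.readFileSync(somePath);",
  "const opts = { host: 'collector.example.invalid', method: 'POST' };",
].join('\n') };
const BENIGN_PKG = { name: 'sample-native', scripts: { install: 'node-gyp rebuild', test: 'node test.js' } };

// CLI use: node audit.js <unpacked-package-dir> (top-level .js files only; skipped without an argument).
if (typeof require === 'function' && typeof module !== 'undefined' && require.main === module && process.argv[2]) {
  const fs = require('fs'), path = require('path');
  const dir = process.argv[2];
  const pkg = JSON.parse(fs.readFileSync(path.join(dir, 'package.json'), 'utf8'));
  const files = {};
  for (const f of fs.readdirSync(dir)) {
    const p = path.join(dir, f);
    if (fs.statSync(p).isFile() && /\.(c|m)?js$/.test(f)) files[f] = fs.readFileSync(p, 'utf8');
  }
  console.log(JSON.stringify(auditInstallHooks(pkg, files), null, 2));
}
```

Installing with `npm install --ignore-scripts` keeps lifecycle scripts such as `postinstall` from running at all, which removes the automatic-execution step this finding depends on.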
Affected packages
No fixed version published yet for metrics-probe-dc85 (npm). Pin to a known-safe version or switch to an alternative.