MAL-2026-5993

--- _-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (472354ac3cd0bba5d399eea2f09e4b7f60cb2cb65e20d4af0f6398882403f566) On `npm install`, the package's postinstall.js executes `whoami` via child_process and POSTs the output (along with stderr, error, and a timestamp) to a hardcoded webhook.site collector URL. The package self-describes as 'A simple date formatting utility' and contains no code matching that purpose; the only behavior on install is the host-identity beacon. Package metadata is consistent with a throwaway exfiltration artifact (placeholder name `sheratan_test_p`, empty author, generic description). Any developer or CI runner installing this package leaks their user/host context to an attacker-controlled third-party collector.