MAL-2026-6467
Malicious code in @vpms/design-system (npm)
Details
## Source: amazon-inspector (43ce5813fba2660b094a3e8a5c5a0bf2f1972530c294830c0a2e3d15dcd1b096)

package.json declares preinstall="node index.js". On every npm install, index.js iterates process.env and harvests any variable whose name contains SECRET/TOKEN/PASSWORD/KEY/CREDENTIAL, plus an explicit list of high-value secrets (NPM_TOKEN, GITHUB_TOKEN, AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AZURE_CLIENT_SECRET, GOOGLE_APPLICATION_CREDENTIALS, etc.). It also collects os.hostname(), os.userInfo().username, process.cwd(), process.platform, process.arch, and the output of execSync('ps -eo pid,pcpu,pmem,user,comm --sort=-pcpu | head -n 8'). The collected JSON is POSTed via https.request to a hardcoded Pipedream endpoint at eov0bmnid410yqf.m.pipedream.net. The package self-labels as a "PenTest design system" / canary but ships no design-system code: the main entry is solely the exfiltration script, and the @vpms scope appears to target an internal organization namespace (dependency-confusion shape). Self-labeling as a "pentest canary" does not excuse unsolicited bulk credential exfiltration from installers who never consented to a pentest scope.
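The two conditions that let a package of this shape run are an install-time lifecycle hook and an internal scope that is not routed to a private registry. The following is an added defender-side check, not code from the advisory or from the package; it audits a manifest for lifecycle hooks and an .npmrc for scope routing and ignore-scripts, using constructed sample inputs (the private registry URL is a placeholder).

```javascript
// Added example: audit a manifest for install-time hooks and an .npmrc for
// whether an internal scope is mapped to a private registry. Inputs are constructed.
const LIFECYCLE_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];

// Return [hook, command] pairs for every install-time script a manifest declares.
function installHooks(manifest) {
  const scripts = manifest.scripts || {};
  return LIFECYCLE_HOOKS.filter((h) => typeof scripts[h] === 'string')
    .map((h) => [h, scripts[h]]);
}

// Parse .npmrc text into key/value pairs; comments and blank lines are skipped.
function parseNpmrc(text) {
  const out = {};
  for (const raw of text.split('\n')) {
    const line = raw.trim();
    if (!line || line.startsWith('#') || line.startsWith(';')) continue;
    const eq = line.indexOf('=');
    if (eq !== -1) out[line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  }
  return out;
}

// A scope only resists dependency confusion if it is routed to a non-public registry.
function scopePinnedToPrivateRegistry(npmrc, scope) {
  const reg = npmrc[`${scope}:registry`];
  return Boolean(reg) && !/registry\.npmjs\.org/.test(reg);
}

// Summarise both risks for one manifest against one .npmrc.
function audit(manifest, npmrcText) {
  const npmrc = parseNpmrc(npmrcText);
  const scope = manifest.name.startsWith('@') ? manifest.name.split('/')[0] : null;
  return {
    hooks: installHooks(manifest),
    scriptsIgnored: npmrc['ignore-scripts'] === 'true',
    scopePinned: scope ? scopePinnedToPrivateRegistry(npmrc, scope) : null,
  };
}
// Constructed manifest with the shape the advisory describes (no real package code).
const SAMPLE_MANIFEST = {
  name: '@vpms/design-system', version: '0.1.3', main: 'index.js',
  scripts: { preinstall: 'node index.js' },
};
// Weak config: public registry only, lifecycle scripts allowed.
const NPMRC_WEAK = 'registry=https://registry.npmjs.org/\n';
// Hardened config: scope pinned to a placeholder private registry, scripts disabled.
const NPMRC_HARDENED = 'registry=https://registry.npmjs.org/\n' +
  '@vpms:registry=https://npm.internal.example/\nignore-scripts=true\n';
```

Note that ignore-scripts applies to every dependency, so packages that legitimately build on install need an explicit follow-up build step once the setting is on.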
## Source: ossf-package-analysis (321dc26d64d28a5a4f4d59f0d719944570cccc7e16173b205160b2db4e04720e)

The OpenSSF Package Analysis project identified '@vpms/design-system' @ 0.1.3 (npm) as malicious.
It is considered malicious because:
- The package communicates with a domain associated with malicious activity.
Affected packages
No fixed version published yet for @vpms/design-system (npm). Pin to a known-safe version or switch to an alternative.