MAL-2026-6716
Malicious code in test-pkg-pnpm (npm)
Details
## Source: amazon-inspector (ae5df84cbdf3092d5f7b8f405248144eacdf5119c756c97726974e547810ebec)

On `npm install`, the package's `postinstall` script (`node demo-clean.js`) auto-executes two installer-side actions without consent.

First, `openDemo()` platform-branches via `execSync` to open https://github.com/X3r0Day/BunnyHijack in the installer's default browser and to spawn the OS calculator (`calc` on Windows, `open -a Calculator` on macOS, `gnome-calculator`/`kcalc` on Linux), the canonical `calc.exe` proof of unauthenticated code execution on the installer's host.

Second, `cleanup()` walks every ancestor directory of `INIT_CWD`, `process.cwd()`, and the user's home directory, calling `fs.rmSync(..., {recursive:true, force:true})` against paths inside each ancestor's `node_modules`, `node_modules/.pnpm`, `node_modules/.bin/node*` shims, `~/.npm/_npx`, `~/.bun/install/cache`, and tmpdir entries; `cleanupPackageJson()` then reads each ancestor `package.json` and rewrites it via `fs.writeFileSync` after deleting matching entries from `dependencies`, `devDependencies`, `optionalDependencies`, and `peerDependencies`.

The destructive recursive-force-rm operates well outside the package's own directory and reaches the user's home tree, and the spawned-process primitive can be retargeted to any binary in a future release.
Affected packages
No fixed version published yet for test-pkg-pnpm (npm). Pin to a known-safe version or switch to an alternative.