VDB
EN

MAL-2026-7001

Malicious code in rony-test (npm)

상세

--- _-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (873cd33646b64f2073cc37ed9649a3757fb8aa186d50f700cb8ad199196fd56c) The package's main entry (index.js) collects installer identity data — os.userInfo().username, process.env.INIT_CWD || process.cwd(), and os.hostname() — and POSTs the JSON body to a hardcoded webhook.site endpoint (https://webhook.site/7088d897-5b86-4deb-8d29-5b7a263a49b4) at module load time via require('https'). Any consumer that requires or imports this package leaks host and user identifiers to an author-controlled third-party sink with no consent and no documented purpose (package description is 'Researching'). A postinstall entry ('node indes.js') references a non-existent file and would fail with MODULE_NOT_FOUND, so the install-time trigger is broken, but the load-time exfiltration via the main module is functional.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

npm / rony-test

No fixed version published yet for rony-test (npm). Pin to a known-safe version or switch to an alternative.

참고