AI Security Review
scanned 3h ago · by lpm-firewall-aiInstall lifecycle hooks run callback.js and beacon host/user/network metadata to an external OOB endpoint. The package is explicitly a dependency-confusion PoC for an internal scoped package name.
Decision evidence
public snapshot- package.json defines preinstall and postinstall hooks executing callback.js
- callback.js collects hostname, username, cwd, package dir, platform, internal IPv4s, and npm registry
- callback.js sends payload via DNS lookups and HTTP/HTTPS POST during install
- callback.js hardcodes researcher-controlled OOB host qmktj627.instances.httpworkbench.com
- README/package description identify this as a dependency-confusion PoC for an internal package name
- index.js is a no-op Proxy stub with no runtime collection
- callback.js uses Node built-ins only and does not read arbitrary project files
- No persistence, destructive actions, child_process, eval, native binaries, or credential-file harvesting found
Source & flagged code
5 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgSource appears to send environment or credential material through DNS lookups.
callback.jsView on unpkg · L10A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
callback.jsView on unpkg