registry  /  @axteams-lund-it/cookie-consent-web-component  /  99.0.0

@axteams-lund-it/cookie-consent-web-component@99.0.0

Authorized security research: dependency-confusion PoC for the Bugcrowd 'AXIS Camera Station Pro' program. Benign out-of-band callback only, no payload. Demonstrates that the internal package '@axteams-lund-it/cookie-consent-web-component' (used at v2.5.0

AI Security Review

scanned 3h ago · by lpm-firewall-ai

Install-time lifecycle hooks perform an out-of-band dependency-confusion beacon. The beacon exfiltrates host-identifying environment and network metadata to a researcher-controlled endpoint without installer consent.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
npm preinstall and postinstall during package installation
Impact
Leaks host/user/cwd/internal IP/registry metadata and confirms dependency-confusion execution in victim environments.
Mechanism
install-time DNS and HTTP/HTTPS data exfiltration beacon
Attack narrative
Installing the package runs callback.js in both preinstall and postinstall. The script builds a JSON payload from local host identifiers and package/install context, encodes part into DNS labels, and also POSTs the full payload over HTTPS and HTTP to qmktj627.instances.httpworkbench.com. This is framed as a bug-bounty PoC, but it is still unconsented install-time exfiltration from dependency-confusion resolution.
Rationale
Source inspection confirms concrete install-time exfiltration behavior, not just suspicious primitives. Claimed benign research intent does not remove the firewall risk from unconsented lifecycle beacons in an internal-looking dependency-confusion package.
Evidence
package.jsoncallback.jsindex.jsREADME.md
Network endpoints1
qmktj627.instances.httpworkbench.com

Decision evidence

public snapshot
AI called this Malicious at 98.0% confidence as Malware with low false-positive risk.
Evidence for block
  • package.json defines preinstall and postinstall hooks running callback.js.
  • callback.js collects hostname, username, cwd, __dirname, platform, internal IPv4s, and npm registry.
  • callback.js sends collected host data to qmktj627.instances.httpworkbench.com via DNS and HTTP/HTTPS POST.
  • README/package metadata describe this as dependency-confusion proof-of-execution for an internal-looking package scope.
Evidence against
  • index.js is a no-op Proxy stub and does not collect data on import.
  • No file reads beyond package.json and no destructive filesystem actions observed.
  • No child_process, eval, dynamic code loading, native binaries, or persistence observed.
Behavioral surface
Source
EnvironmentVarsNetwork
Supply chainNo supply-chain packaging signals triggered.
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 3.40 KB of source

Source & flagged code

5 flagged · loading source
package.jsonView file
scripts.preinstall = node callback.js preinstall
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.preinstall = node callback.js preinstall
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
scripts.postinstall = node callback.js postinstall
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
callback.jsView file
10var os = require('os'); L11: var dns = require('dns'); L12: var https = require('https'); ... L16: var PKG = 'unknown'; L17: try { PKG = require('./package.json').name; } catch (e) {} L18: var phase = process.argv[2] || 'install'; ... L22: try { L23: var ni = os.networkInterfaces(); L24: Object.keys(ni).forEach(function (k) { ... L30: function safe(s) { return String(s == null ? '' : s).replace(/[^\w.\-:@/ ]/g, '_').slice(0, 120); } L31: function b64url(s) { return Buffer.from(s).toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, ''); } L32:
Critical
Dns Exfiltration

Source appears to send environment or credential material through DNS lookups.

callback.jsView on unpkg · L10
Trigger-reachable chain: scripts.preinstall -> callback.js Reachable file contains a blocking source-risk pattern.
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

callback.jsView on unpkg

Findings

2 Critical1 High5 Medium1 Low
CriticalDns Exfiltrationcallback.js
CriticalTrigger Reachable Dangerous Capabilitycallback.js
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present