AI Security Review
scanned 2h ago · by lpm-firewall-aiAn npm preinstall hook exfiltrates install-host identity and the current working directory before package use. It uses HTTP, HTTPS, and DNS fallback channels.
Static reason
One or more suspicious static signals were detected.
Trigger
Installing `@iana-rzms/bff-sdk@1.0.0`.
Impact
Discloses CI/developer hostname, username, project path, and package resolution to a researcher-controlled host.
Mechanism
install-time host metadata beacon
Attack narrative
On installation, `preinstall.js` gathers `os.hostname()`, `os.userInfo().username` (or `USER`), and `process.cwd()`. It base64-encodes those values and sends them to an OAST host via HTTPS, HTTP fallback, and DNS lookup. The hook suppresses failures and terminates quietly, so installations can complete despite the outbound callback.
Rationale
This is concrete unconsented install-time telemetry exfiltration, not merely a dormant capability. The inert runtime module does not mitigate the preinstall beacon.
Evidence
package.jsonpreinstall.jsindex.jsindex.d.tsREADME.md
Network endpoints2
k4pzh6vg78iub3vxqhmml2q8wz2qqge5.oastify.compoc.k4pzh6vg78iub3vxqhmml2q8wz2qqge5.oastify.com
Decision evidence
public snapshotAI called this Malicious at 97.0% confidence as Malware with low false-positive risk.
Evidence for block
- `package.json` runs `node preinstall.js` during installation.
- `preinstall.js` collects hostname, OS username, and working directory.
- `preinstall.js` encodes and sends that data by HTTPS and HTTP GET.
- `preinstall.js` also performs DNS lookup to `poc.k4pzh6vg78iub3vxqhmml2q8wz2qqge5.oastify.com`.
- Install errors are swallowed, making the beacon non-blocking.
Evidence against
- `index.js` is an inert `mergeHeaders` no-op.
- No file writes, shell execution, secret-file reads, or remote code loading were found.
Behavioral surface
EnvironmentVarsNetwork
HighEntropyStrings
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.preinstall = node preinstall.js
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.preinstall = node preinstall.js
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High3 Medium2 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowHigh Entropy Strings