registry  /  @k18n/creatormarketplace-admin-language  /  99.0.2

@k18n/creatormarketplace-admin-language@99.0.2

Security research - dependency confusion proof of concept. This package demonstrates that the @k18n npm scope was unclaimed while being used internally by Kuaishou. Contact: assassin_marcos@wearehackerone.com

OSV Malicious Advisory

scanned 2h ago · by OpenSSF/OSV

OpenSSF/OSV advisory MAL-2026-6550 confirms this npm version as malicious. Package claims the @k18n npm scope (used internally by Kuaishou) and publishes at version 99.0.0 — the canonical high-version dependency-confusion shape that causes internal builds resolving @k18n from public npm to pull this artifact. A preinstall script in index.js collects host identifiers (os.hostname(), os.userInfo().username, install directory, cwd, package version) and transmits them to c.adityasec.com over...

Advisory
MAL-2026-6550
Source
OpenSSF Malicious Packages via OSV
Summary
Malicious code in @k18n/creatormarketplace-admin-language (npm)
Details
Package claims the @k18n npm scope (used internally by Kuaishou) and publishes at version 99.0.0 — the canonical high-version dependency-confusion shape that causes internal builds resolving @k18n from public npm to pull this artifact. A preinstall script in index.js collects host identifiers (os.hostname(), os.userInfo().username, install directory, cwd, package version) and transmits them to c.adityasec.com over two channels: an HTTPS POST to https://c.adityasec.com/LdCdrTByhmflbwt5qFNisg and a DNS lookup of a hex-encoded subdomain under c.adityasec.com (DNS exfil fallback for hosts where outbound HTTPS is restricted). The lifecycle hook fires automatically on `npm install` with no consent. The package's own description self-labels this as a 'dependency confusion proof of concept,' but the cover-story label does not change the installer-side harm: any build host that resolves @k18n from the public registry leaks internal hostnames, usernames, and build paths to a third-party operator.
Decision reason
OpenSSF Malicious Packages via OSV confirms @k18n/creatormarketplace-admin-language@99.0.2 as malicious (MAL-2026-6550): Malicious code in @k18n/creatormarketplace-admin-language (npm)

Source & flagged code

0 flagged
No flagged code excerpts are attached to this scan.

Findings

1 High
HighOsv Malicious Advisory