registry  /  @langgraphjs/toolkit  /  1.2.10

@langgraphjs/toolkit@1.2.10

OSV Malicious Advisory

scanned 7d ago · by OpenSSF/OSV

OpenSSF/OSV advisory MAL-2026-2509 confirms this npm version as malicious. Package collects and sends sensitive system info to a hardcoded server. The package masquerades as a LangGraph JS utility but contains a malicious postinstall script.

Advisory
MAL-2026-2509
Source
OpenSSF Malicious Packages via OSV
Summary
Malicious code in @langgraphjs/toolkit (npm)
Details
Package collects and sends sensitive system info to a hardcoded server. The package masquerades as a LangGraph JS utility but contains a malicious postinstall script. --- ## Source: amazon-inspector (274245b3c75b3f39ef78565ae52347547a651bf2a3f9c6510c6d83832c7311a2) On `npm install`, scripts/postinstall.js harvests installer identity and ships it to https://npm-package-logger-228835561205.europe-west1.run.app/ via HTTPS POST. Collected fields include os.hostname(), os.userInfo().username, process.cwd(), the git committer email parsed from ~/.gitconfig / ~/.config/git/config / CWD/.git/config, and the GitHub login/email parsed from ~/.config/gh/hosts.yml (the gh CLI's authenticated-host store, which is credential-adjacent installer-owned state the package did not write). The README and the script's banner claim only platform/Node-version/anonymized-hash data is transmitted and that 'no credentials are ever transmitted' — this is a deliberate cover story; the actual payload contains raw hostname, OS username, SCM email, and GitHub login. The destination is a generic Google Cloud Run subdomain unrelated to the package's stated homepage (langgraphjs.guide). The package name `@langgraphjs/toolkit` and its install instructions (which direct users to install it alongside `@langchain/langgraph`) impersonate the official LangChain/LangGraph ecosystem; the author domain `langgraphjs.guide` is not LangChain-controlled. Namespace impersonation combined with consent-violating identity exfiltration on install. ## Source: ghsa-malware (417cbe13d7382f7491f381d4d2c5cb34c2f8f90addabece3073296a1839f285f) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.
Decision reason
OpenSSF Malicious Packages via OSV confirms @langgraphjs/toolkit@1.2.10 as malicious (MAL-2026-2509): Malicious code in @langgraphjs/toolkit (npm)

Source & flagged code

0 flagged
No flagged code excerpts are attached to this scan.

Findings

1 High
HighOsv Malicious Advisory