OSV Malicious Advisory
scanned 2h ago · by OpenSSF/OSVOpenSSF/OSV advisory MAL-2026-10225 confirms this npm version as malicious. The @logdna-web/shared package was published to the npm registry by user 'click2ai' (maintainer email privatek3m@protonmail.com) as part of a dependency-confusion / reconnaissance campaign...
Advisory
MAL-2026-10225
Source
OpenSSF Malicious Packages via OSV
Summary
Malicious code in @logdna-web/shared (npm)
Details
The @logdna-web/shared package was published to the npm registry by user 'click2ai' (maintainer email privatek3m@protonmail.com) as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization (the @logdna-web scope (LogDNA/Mezmo-style naming)) so that a misconfigured resolver installs this public lookalike instead of the intended private dependency.
The package declares a preinstall hook ("npm install @sentry/node && node examples/verify.js") that executes automatically at npm install time, before any application code runs. The bundled examples/verify.js initializes the @sentry/node client against a hardcoded, attacker-controlled Sentry DSN with sendDefaultPii enabled, resolves the installing host's public egress IP address by requesting Cloudflare's /cdn-cgi/trace endpoint (using a spoofed desktop-browser User-Agent to bypass bot challenges), then deliberately triggers a runtime exception and captures it. Flushing the event beacons the collected host telemetry (public IP plus Sentry default PII such as hostname, OS username and runtime/environment metadata) to the attacker's Sentry ingest endpoint at o4510485815754752.ingest.us.sentry.io.
Each impersonated namespace in the campaign beacons to a distinct Sentry project ID, letting the operator attribute successful installs to specific victim organizations — behaviour consistent with a dependency-confusion reconnaissance beacon rather than legitimate error monitoring. The install-time payload is byte-for-byte identical across all packages published by this account, differing only in the package name and the target DSN. This package's beacon targets Sentry project 4511632708141056.
---
## Source: amazon-inspector (c60208a158c0b2ae8c9fcbcf682749ecb8bf7729be24aa00dfdfe7144f93587c) The package's `package.json` declares a `preinstall` hook that runs `examples/verify.js`. On every `npm install`, that script initializes Sentry against a hardcoded author-owned DSN at `o4510485815754752.ingest.us.sentry.io/4511632708141056`, resolves the installer's public IP via Cloudflare's trace endpoint and attaches it as the Sentry event's `user.ip_address`, deliberately triggers an exception with `sendDefaultPii: true`, and flushes the event — uploading installer-side identifiers and host/error context to the author's Sentry project without consent. Independently, `src/index.js` (the package `main`) bakes the same DSN as `DEFAULT_DSN`, so any library consumer that calls `init()` without supplying their own DSN silently relays their application's exceptions, IPs, and PII to the author's Sentry account rather than failing. The package is published under the scope `@logdna-web`, which is brand-adjacent to LogDNA/Mezmo's legitimate `@logdna` scope, while shipping a Sentry-wrapper of unrelated functionality — consistent with a typosquat lure plus active install-time data collection.
Decision reason
OpenSSF Malicious Packages via OSV confirms @logdna-web/shared@13.19.37 as malicious (MAL-2026-10225): Malicious code in @logdna-web/shared (npm)
References
Source & flagged code
0 flaggedNo flagged code excerpts are attached to this scan.
Findings
1 High
HighOsv Malicious Advisory