registry  /  @luminarycloudinternal/lcvis-st  /  9999.0.2

@luminarycloudinternal/lcvis-st@9999.0.2

Security research placeholder (Bugcrowd luminarycloud-mbb-od2, submission 10d62a7c). Benign dependency-confusion canary held by researcher account mdpsec. No functional code. Will be unpublished or transferred to Luminary Cloud on request.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

The confirmed behavior is an automatic install-time callback that transmits host and CI/build metadata. This is package-aligned canary telemetry, but it is still unconsented data disclosure on install.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall
Impact
Disclosure of build host identity, OS details, npm metadata, and selected CI identifiers
Mechanism
install-time host fingerprint HTTPS callback
Rationale
Source inspection confirms automatic install-time host fingerprint telemetry to an external endpoint, so the package should be warned. No evidence of credential theft, file harvesting, persistence, destructive behavior, remote payload execution, or AI-agent control-surface mutation was found, so publish blocking is not justified.
Evidence
package.jsonpostinstall.jsREADME.md
Network endpoints1
poc-luminary-npm-1782987043.testingboxes.com/cb/5457161feaa0f110e5790adead3a652e0a2f40773c6cfb40

OSV Corroboration

OpenSSF/OSV
Advisory
MAL-2026-6987
Source
OpenSSF Malicious Packages via OSV
Summary
Malicious code in @luminarycloudinternal/lcvis-st (npm)
Details
Package @luminarycloudinternal/lcvis-st@9999.0.2 is published to the public npm registry under an internal-looking scope with an artificially high version number designed to outrank any legitimate internal release, so misconfigured installers resolve this public copy. On install, the postinstall.js script collects host and user identifiers (os.hostname(), os.userInfo().username, OS type/release/platform/arch), npm package name/version and user-agent, and CI/GitHub identifiers (CI, GITHUB_ACTIONS, GITHUB_REPOSITORY, RUNNER_NAME, GITHUB_SHA, GITHUB_REF, GITHUB_WORKFLOW), then sends them as query parameters via HTTPS GET to a hardcoded third-party endpoint at poc-luminary-npm-1782987043.testingboxes.com (postinstall.js line 34). The package self-labels as a Bugcrowd bounty canary, but the behavior — dependency-confusion scope/version combined with install-time transmission of installer identifiers to a hardcoded third-party host — is exfiltration for any installer other than the intended bounty target.

Decision evidence

public snapshot
AI called this Suspicious at 93.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for block
  • package.json defines install-time postinstall: node postinstall.js
  • postinstall.js sends an HTTPS GET to poc-luminary-npm-1782987043.testingboxes.com during install
  • postinstall.js collects npm/CI identifiers plus hostname, username, and OS details
Evidence against
  • Only package files are package.json, README.md, and postinstall.js
  • No child_process, eval, dynamic code loading, file reads/writes, persistence, or destructive behavior found
  • README.md and manifest describe dependency-confusion canary purpose
Behavioral surface
Source
EnvironmentVarsNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 1.85 KB of source, external domains: poc-luminary-npm-1782987043.testingboxes.com

Source & flagged code

3 flagged · loading source
package.jsonView file
scripts.postinstall = node postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node postinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
postinstall.jsView file
8try { L9: var https = require('https'); L10: var os = require('os'); L11: var e = process.env; L12: var pkg = (e.npm[redacted] || '') + '@' + (e.npm[redacted] || ''); L13: // whoami-equivalent: os.userInfo().username reads the effective user without L14: // spawning a shell (kept benign, no child process). ... L18: try { osname = [os.type && os.type(), os.release && os.release(), os.platform && os.platform(), os.arch && os.arch()].filter(Boolean).join(' '); } catch (o) {} L19: var q = new URLSearchParams({ L20: pkg: pkg, L21: ua: e.npm[redacted] || '', L22: ci: e.CI || '',
High
Host Fingerprint Exfiltration

Source collects local host identity data and sends it to an external endpoint.

postinstall.jsView on unpkg · L8

Findings

2 High3 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
HighHost Fingerprint Exfiltrationpostinstall.js
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings