AI Security Review
scanned 3h ago · by lpm-firewall-aiImporting the package runs local discovery commands and exfiltrates their output. The payload is unrelated to a React dialog component.
Static reason
No blocking static signals were detected.
Trigger
Any runtime import/require of the package, or `node index.js`.
Impact
Leaks the running account and host identity to an attacker-controlled collaborator endpoint.
Mechanism
import-time shell execution plus DNS/HTTP exfiltration
Attack narrative
`index.js`, declared as the main entrypoint, immediately invokes `whoami` and `hostname` through `child_process.execSync`. It hex-encodes each result, then triggers DNS resolution and an HTTP request to encoded subdomains under a fixed Burp Collaborator/OAST host. This causes system identity data to leave the consuming application's environment whenever the package is imported or executed.
Rationale
Source inspection confirms concrete import-time command execution and outbound exfiltration to a fixed third-party endpoint. This is malicious behavior and not package-aligned React UI functionality.
Evidence
index.jspackage.json
Network endpoints2
vih2vewj1xxwlsd8dkgjqugtyk4bs1gq.oastify.com<encoded>.vih2vewj1xxwlsd8dkgjqugtyk4bs1gq.oastify.com
OSV Corroboration
OpenSSF/OSVAdvisory
MAL-2026-10605
Source
OpenSSF Malicious Packages via OSV
Summary
Malicious code in @radivi-ui/react-dialog (npm)
Details
@radivi-ui/react-dialog is a typosquat of @radix-ui/react-dialog whose main entry (index.js) is a self-executing IIFE that runs `whoami` and `hostname` via `child_process.execSync` when the package is loaded via require/import. The command outputs are hex-encoded and exfiltrated to the hardcoded Burp Collaborator subdomain `vih2vewj1xxwlsd8dkgjqugtyk4bs1gq.oastify.com` via both DNS resolution (dns.resolve of a crafted subdomain) and HTTP GET (http.get). The behavior fires unconditionally on module load with no user opt-in, no CLI gate, and no relation to any dialog/UI functionality the package name implies.
References
Decision evidence
public snapshotAI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for block
- `index.js` executes immediately on import.
- Runs `execSync('whoami')` and `execSync('hostname')`.
- Encodes command output and sends DNS queries to a fixed OAST host.
- Also performs HTTP GET requests to encoded OAST subdomains.
- `package.json` exposes this payload as the package main entrypoint.
Evidence against
- No npm preinstall/install/postinstall lifecycle hook.
- No additional package files or dependencies were present.
Behavioral surface
ChildProcessNetwork
HighEntropyStrings
NoLicense
Source & flagged code
1 flagged · loading sourcepackage.jsonView file
•Published source reference
High
Ai Review Evidence
`package.json` exposes this payload as the package main entrypoint.
package.jsonView on unpkgFindings
5 High1 Medium3 Low
HighAi Review Evidence
HighAi Review Evidence
HighAi Review Evidence
HighAi Review Evidence
HighAi Review Evidencepackage.json
MediumNetwork
LowScripts Present
LowHigh Entropy Strings
LowNo License