registry  /  @vite-js/vui  /  7.14.16

@vite-js/vui@7.14.16

Native-ESM powered web dev build tool

AI Security Review

scanned 2h ago · by lpm-firewall-ai

The shipped `vite` executable contains an appended, heavily obfuscated runtime payload. Running the package CLI automatically decodes and executes it after normal CLI startup.

Static reason
High-risk behavior combination matched malicious policy.; source matched previously finalized malicious package; routed for review
Trigger
User or tool executes the installed `vite` bin.
Impact
Arbitrary concealed code executes in the invoking user's Node environment.
Mechanism
Obfuscated decoded-payload execution in the CLI entrypoint.
Attack narrative
`package.json` maps the `vite` command to `bin/vite.js`. After the normal Vite launcher, that file appends opaque string-shuffling and decoding logic, constructs a concealed payload, and immediately invokes it. This is unrelated to normal CLI operation, concealed rather than bundled application logic, and creates arbitrary code-execution capability whenever the command runs.
Rationale
Direct source inspection confirms a concealed payload appended to the public CLI entrypoint and executed on every CLI invocation. The absence of an install hook does not mitigate this concrete runtime execution chain.
Evidence
package.jsonbin/vite.js

OSV Corroboration

OpenSSF/OSV
Advisory
MAL-2026-10619
Source
OpenSSF Malicious Packages via OSV
Summary
Malicious code in @vite-js/vui (npm)
Details
Package publishes under @vite-js/vui while impersonating the official vite package: package.json sets author "Evan You", description "Native-ESM powered web dev build tool", repository github.com/vitejs/vite.git, and bin name "vite" mapped to bin/vite.js. bin/vite.js is the legitimate Vite bootstrapper with an obfuscated trailer appended after the normal start() call: a shuffle-decoder resolves the string "constructor" (var XVL=Oto[Ywu]), builds a Function from a decoded opaque source blob, and immediately invokes it (var CpK=XVL(HuO,Oto(IHO)); var ARH=CpK(Oto('...')); var hTf=plc(byk,ARH); hTf(3504);). Every invocation of the vite command (npm run dev/build/preview, npx vite) executes the hidden author-supplied code on the developer's machine. devDependencies additionally include @solana/web3.js, axios, socket.io-client, and form-data — libraries consistent with wallet-drainer / C2 exfiltration functionality and not present in upstream Vite.

Decision evidence

public snapshot
AI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for block
  • `bin/vite.js` appends an obfuscated IIFE after the legitimate CLI.
  • The appended code decodes concealed strings and invokes the decoded payload via `hTf(3504)`.
  • The payload runs whenever the declared `vite` bin is executed.
  • `package.json` exposes `bin/vite.js` as the `vite` command.
  • Only `prepublishOnly` exists; the payload is runtime-triggered, not an install hook.
Evidence against
  • No preinstall, install, or postinstall lifecycle hook.
  • No plaintext external endpoint is visible in the inspected payload.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNetworkShellWebSocket
Supply chain
HighEntropyStringsObfuscatedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 14 file(s), 2.81 MB of source, external domains: bugs.chromium.org, caniuse.com, developer.mozilla.org, dotenvx.com, ecma-international.org, eev.ee, en.wikipedia.org, example.com, foo.com, git-lfs.github.com, git.io, github.com, html.spec.whatwg.org, jquery.org, learn.microsoft.com, lodash.com, mathiasbynens.be, msdn.microsoft.com, nx.dev, pnpm.io, qntm.org, rollupjs.org, rushjs.io, stackoverflow.com, underscorejs.org, vitejs.dev, www.ibm.com, www.w3.org, yaml.org

Source & flagged code

14 flagged · loading source
dist/node/chunks/dep-Cy9twKMn.jsView file
17import { StringDecoder } from 'node:string_decoder'; L18: import { exec, execSync } from 'node:child_process'; L19: import { createServer as createServer$3, STATUS_CODES, get as get$2 } from 'node:http'; L20: import { createServer as createServer$2, get as get$1 } from 'node:https'; ... L30: import { createHash as createHash$2 } from 'node:crypto'; L31: import { promises } from 'node:dns'; L32: import require$$3$1 from 'crypto'; ... L52: const __filename = __cjs_fileURLToPath(import.meta.url); L53: const __dirname = __cjs_dirname(__filename); L54: const require = __cjs_createRequire(import.meta.url); ... L93: let argv = process.argv || [], L94: env$1 = process.env;
Critical
Credential Exfiltration

Source appears to send environment or credential material to an external endpoint.

dist/node/chunks/dep-Cy9twKMn.jsView on unpkg · L17
17import { StringDecoder } from 'node:string_decoder'; L18: import { exec, execSync } from 'node:child_process'; L19: import { createServer as createServer$3, STATUS_CODES, get as get$2 } from 'node:http'; L20: import { createServer as createServer$2, get as get$1 } from 'node:https'; ... L30: import { createHash as createHash$2 } from 'node:crypto'; L31: import { promises } from 'node:dns'; L32: import require$$3$1 from 'crypto'; ... L52: const __filename = __cjs_fileURLToPath(import.meta.url); L53: const __dirname = __cjs_dirname(__filename); L54: const require = __cjs_createRequire(import.meta.url); ... L93: let argv = process.argv || [], L94: env$1 = process.env;
Critical
Remote Asset Decode Execute

Source fetches a remote non-code asset, decodes its contents, and dynamically executes the decoded payload.

dist/node/chunks/dep-Cy9twKMn.jsView on unpkg · L17
17Trigger-reachable chain: manifest.main -> dist/node/index.js -> dist/node/chunks/dep-Cy9twKMn.js L17: import { StringDecoder } from 'node:string_decoder'; L18: import { exec, execSync } from 'node:child_process'; L19: import { createServer as createServer$3, STATUS_CODES, get as get$2 } from 'node:http'; L20: import { createServer as createServer$2, get as get$1 } from 'node:https'; ... L30: import { createHash as createHash$2 } from 'node:crypto'; L31: import { promises } from 'node:dns'; L32: import require$$3$1 from 'crypto'; ... L52: const __filename = __cjs_fileURLToPath(import.meta.url); L53: const __dirname = __cjs_dirname(__filename); L54: const require = __cjs_createRequire(import.meta.url); ... L93: let argv = process.argv || [], L94: env$1 = process.env;
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

dist/node/chunks/dep-Cy9twKMn.jsView on unpkg · L17
17import { StringDecoder } from 'node:string_decoder'; L18: import { exec, execSync } from 'node:child_process'; L19: import { createServer as createServer$3, STATUS_CODES, get as get$2 } from 'node:http';
High
Child Process

Package source references child process execution.

dist/node/chunks/dep-Cy9twKMn.jsView on unpkg · L17
45119.execSync( L45120: 'powershell -NoProfile -Command "Get-CimInstance -Query \\"select executablepath from win32_process where executablepath is not null\\" | % { $_.ExecutablePath }"', L45121: {
High
Shell

Package source references shell execution.

dist/node/chunks/dep-Cy9twKMn.jsView on unpkg · L45119
17558function evalValue(rawValue) { L17559: const fn = new Function(` L17560: var console, exports, global, module, process, require
High
Eval

Package source references dynamic code evaluation.

dist/node/chunks/dep-Cy9twKMn.jsView on unpkg · L17558
matchType = normalized_sha256 matchedPackage = @vite-tab/tabui@7.15.16 matchedPath = dist/node/chunks/dep-Cy9twKMn.js matchedIdentity = npm:QHZpdGUtdGFiL3RhYnVp:7.15.16 similarity = 1.000 summary = normalized source hash matched finalized malicious source
High
Known Malware Source Similarity

Source file is highly similar to a previously finalized malicious package; route for source-aware review.

dist/node/chunks/dep-Cy9twKMn.jsView on unpkg
17import { StringDecoder } from 'node:string_decoder'; L18: import { exec, execSync } from 'node:child_process'; L19: import { createServer as createServer$3, STATUS_CODES, get as get$2 } from 'node:http'; L20: import { createServer as createServer$2, get as get$1 } from 'node:https'; ... L30: import { createHash as createHash$2 } from 'node:crypto'; L31: import { promises } from 'node:dns'; L32: import require$$3$1 from 'crypto'; ... L52: const __filename = __cjs_fileURLToPath(import.meta.url); L53: const __dirname = __cjs_dirname(__filename); L54: const require = __cjs_createRequire(import.meta.url); ... L93: let argv = process.argv || [], L94: env$1 = process.env;
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/node/chunks/dep-Cy9twKMn.jsView on unpkg · L17
dist/node/runtime.jsView file
911} L912: processImport(exports, fetchResult, metadata) { L913: if (!("externalize" in fetchResult))
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/node/runtime.jsView on unpkg · L911
bin/vite.jsView file
61start() L62: }; ...
High
Obfuscated Payload Loader

Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.

bin/vite.jsView on unpkg · L61
dist/node-cjs/publicUtils.cjsView file
matchType = normalized_sha256 matchedPackage = @vite-tab/tabui@7.15.16 matchedPath = dist/node-cjs/publicUtils.cjs matchedIdentity = npm:QHZpdGUtdGFiL3RhYnVp:7.15.16 similarity = 1.000 summary = normalized source hash matched finalized malicious source
High
Known Malware Source Similarity

Source file is highly similar to a previously finalized malicious package; route for source-aware review.

dist/node-cjs/publicUtils.cjsView on unpkg
dist/node/chunks/dep-BkYu-SNl.jsView file
matchType = normalized_sha256 matchedPackage = @vite-tab/tabui@7.15.16 matchedPath = dist/node/chunks/dep-BkYu-SNl.js matchedIdentity = npm:QHZpdGUtdGFiL3RhYnVp:7.15.16 similarity = 1.000 summary = normalized source hash matched finalized malicious source
High
Known Malware Source Similarity

Source file is highly similar to a previously finalized malicious package; route for source-aware review.

dist/node/chunks/dep-BkYu-SNl.jsView on unpkg
dist/node/cli.jsView file
matchType = normalized_sha256 matchedPackage = @vite-tab/tabui@7.15.16 matchedPath = dist/node/cli.js matchedIdentity = npm:QHZpdGUtdGFiL3RhYnVp:7.15.16 similarity = 1.000 summary = normalized source hash matched finalized malicious source
High
Known Malware Source Similarity

Source file is highly similar to a previously finalized malicious package; route for source-aware review.

dist/node/cli.jsView on unpkg
dist/node/chunks/dep-SDtFYyy1.jsView file
matchType = normalized_sha256 matchedPackage = @vite-tab/tabui@7.15.16 matchedPath = dist/node/chunks/dep-SDtFYyy1.js matchedIdentity = npm:QHZpdGUtdGFiL3RhYnVp:7.15.16 similarity = 1.000 summary = normalized source hash matched finalized malicious source
High
Known Malware Source Similarity

Source file is highly similar to a previously finalized malicious package; route for source-aware review.

dist/node/chunks/dep-SDtFYyy1.jsView on unpkg

Findings

3 Critical9 High4 Medium7 Low
CriticalCredential Exfiltrationdist/node/chunks/dep-Cy9twKMn.js
CriticalRemote Asset Decode Executedist/node/chunks/dep-Cy9twKMn.js
CriticalTrigger Reachable Dangerous Capabilitydist/node/chunks/dep-Cy9twKMn.js
HighChild Processdist/node/chunks/dep-Cy9twKMn.js
HighShelldist/node/chunks/dep-Cy9twKMn.js
HighEvaldist/node/chunks/dep-Cy9twKMn.js
HighObfuscated Payload Loaderbin/vite.js
HighKnown Malware Source Similaritydist/node/chunks/dep-Cy9twKMn.js
HighKnown Malware Source Similaritydist/node-cjs/publicUtils.cjs
HighKnown Malware Source Similaritydist/node/chunks/dep-BkYu-SNl.js
HighKnown Malware Source Similaritydist/node/cli.js
HighKnown Malware Source Similaritydist/node/chunks/dep-SDtFYyy1.js
MediumDynamic Requiredist/node/runtime.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowWeak Cryptodist/node/chunks/dep-Cy9twKMn.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings