registry  /  abuden218  /  1.7.7

abuden218@1.7.7

package

OSV Malicious Advisory

scanned 10d ago · by OpenSSF/OSV

OpenSSF/OSV advisory MAL-2026-6128 confirms this npm version as malicious. Package is published under a deceptive identity. package.json declares main=sw.js, but sw.js is a service-worker entry (importScripts) that throws when loaded under Node — the package is not a usable npm library. The shipped contents are a static web-proxy application (bare-mux v2.1.9 plus a service-worker proxy in sw.js), with index.html cover-storying the bundle as 'Riverbend Tutoring' while a Roblox shortcut icon...

Advisory
MAL-2026-6128
Source
OpenSSF Malicious Packages via OSV
Summary
Malicious code in abuden218 (npm)
Details
Package is published under a deceptive identity. package.json declares main=sw.js, but sw.js is a service-worker entry (importScripts) that throws when loaded under Node — the package is not a usable npm library. The shipped contents are a static web-proxy application (bare-mux v2.1.9 plus a service-worker proxy in sw.js), with index.html cover-storying the bundle as 'Riverbend Tutoring' while a Roblox shortcut icon and code that opens https://abdct.com/ on user interaction are included. All 12 asset JS files are heavily obfuscated (hex-prefixed identifiers like _0xaaed02 throughout assets/*.js). The tarball additionally ships auto-publish.sh, a shell script that iterates the names 'ratelimitsucks', 'ratelimitsucks1',..., copies the tree to a temp dir, rewrites package.json.name, and runs `npm publish --silent` in parallel — i.e., the author's own mass-republishing pipeline accidentally included in the release. The package has no lifecycle hooks, so installing it does not directly execute code on the installer; the harm is registry pollution and consumer deception (developers who `npm install` this expecting a library get a non-functional service-worker bundle masquerading as one of many spam-named republishes).
Decision reason
OpenSSF Malicious Packages via OSV confirms abuden218@1.7.7 as malicious (MAL-2026-6128): Malicious code in abuden218 (npm)

Source & flagged code

0 flagged
No flagged code excerpts are attached to this scan.

Findings

1 High
HighOsv Malicious Advisory