OSV Malicious Advisory
scanned 2h ago · by OpenSSF/OSVOpenSSF/OSV advisory MAL-2026-6518 confirms this npm version as malicious. Package ships a heavily obfuscated main bundle (dist/index.js, javascript-obfuscator string-array rotation and control-flow flattening) whose top-level main() boots a Fastify relay server on require()/start...
Advisory
MAL-2026-6518
Source
OpenSSF Malicious Packages via OSV
Summary
Malicious code in ai-node-relay (npm)
Details
Package ships a heavily obfuscated main bundle (dist/index.js, javascript-obfuscator string-array rotation and control-flow flattening) whose top-level main() boots a Fastify relay server on require()/start. Remote endpoints are derived from operator-supplied GATEWAY_URL / REDIS_URL / NODE_TOKEN env vars or config; no hardcoded exfiltration endpoint, install-time fetch+execute, credential scraping, or installer-secret reads were observed in the deobfuscated code. package.json scripts.start and scripts.dev hardcode the author's own gateway token (NODE_TOKEN=nt_6b136c93...) which only authenticates to the author's gateway per the README — author-side credential leak, not installer harm. Concerns warranting human review: (a) main entry self-executes a server and binds a port on require(), atypical for a library main; (b) the shipped bundle is obfuscated, reducing reviewability of a network-facing relay; (c) the author has leaked their own gateway token in shipped scripts. None of these constitute a supply-chain attack against installers, but the combination warrants reviewer judgment before recommending the package.
## Source: ghsa-malware (15dbf12bf77945563589af277a5a11fc548f282dfb1ab8fb8b0e8253d28ec854) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.
Decision reason
OpenSSF Malicious Packages via OSV confirms ai-node-relay@0.0.1 as malicious (MAL-2026-6518): Malicious code in ai-node-relay (npm)
References
Source & flagged code
0 flaggedNo flagged code excerpts are attached to this scan.
Findings
1 High
HighOsv Malicious Advisory