registry  /  babel-preset-lib-client  /  4.9.10

babel-preset-lib-client@4.9.10

AI Security Review

scanned 49m ago · by lpm-firewall-ai

The main entrypoint executes without an exported user-invoked function. It harvests host and environment data, inventories the parent directory, and transmits the results to a hard-coded Discord webhook.

Static reason
High-risk behavior combination matched malicious policy.; source matched previously finalized malicious package; routed for review
Trigger
Importing, requiring, or running the package main entrypoint (`index.js`)
Impact
Exposes environment secrets, system identity/network metadata, current working directory, and parent-directory structure to a third party.
Mechanism
Import-time host/environment harvesting and Discord webhook exfiltration
Attack narrative
When the package entrypoint is imported or executed, its immediately invoked async function obtains public and private IPs, hostname, username, OS details, cwd, all environment variables via `printenv`, and a recursive listing of the parent directory via `tree ../`. It base64-encodes the directory and environment command output, then posts the collected fields to a hard-coded Discord webhook. This is unsolicited credential and system-information exfiltration at runtime.
Rationale
Direct source inspection confirms automatic collection of environment and host data followed by transmission to a third-party Discord webhook. The absence of npm lifecycle hooks does not mitigate the malicious import-time entrypoint behavior.
Evidence
index.jspackage.json
Network endpoints2
api.ipify.org?format=jsondiscord.com/api/webhooks/1524917003394089029/ncpsW9dL3ppy5XImRUk_yC5LLlOaH3hgRAfrCq9MwEsuQnjiTA2RO_OO99Xx3AoG6pBH

OSV Corroboration

OpenSSF/OSV
Advisory
MAL-2026-10214
Source
OpenSSF Malicious Packages via OSV
Summary
Direct source inspection confirms automatic collection of environment and host data followed by transmission to a third-party Discord webhook. The absence of npm lifecycle hooks does not mitigate the malicious import-time entrypoint behavior.
References

Decision evidence

public snapshot
AI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for block
  • `index.js` executes an async collector immediately on module load.
  • `index.js` runs `printenv` and sends all environment variables.
  • `index.js` runs `tree ../`, base64-encodes the output, and exfiltrates it.
  • `index.js` collects hostname, username, private/public IPs, cwd, and OS details.
  • `index.js` POSTs collected data to a hard-coded Discord webhook.
Evidence against
  • `package.json` defines no preinstall, install, or postinstall hook.
  • No persistence or destructive filesystem write is present in inspected source.
Behavioral surface
Source
ChildProcessEnvironmentVarsNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 3.14 KB of source, external domains: api.ipify.org, discord.com

Source & flagged code

3 flagged · loading source
index.jsView file
4const os = require("os"); L5: const packageJson = require("./package.json"); L6: const { exec } = require("child_process"); L7: const util = require("util"); ... L10: L11: const WEBHOOK_URL = "https://discord.[redacted]ncpsW9dL3ppy5XImRUk_yC5LLlOaH3hgRAfrCq9MwEsuQnjiTA2RO_OO99Xx3AoG6pBH"; L12: ... L17: function getPrivateIPs() { L18: return Object.values(os.networkInterfaces()) L19: .flat() ... L35: } L36: const data = await response.json();
Critical
Credential Exfiltration

Source appears to send environment or credential material to an external endpoint.

index.jsView on unpkg · L4
4Trigger-reachable chain: manifest.main -> index.js L4: const os = require("os"); L5: const packageJson = require("./package.json"); L6: const { exec } = require("child_process"); L7: const util = require("util"); ... L10: L11: const WEBHOOK_URL = "https://discord.[redacted]ncpsW9dL3ppy5XImRUk_yC5LLlOaH3hgRAfrCq9MwEsuQnjiTA2RO_OO99Xx3AoG6pBH"; L12: ... L17: function getPrivateIPs() { L18: return Object.values(os.networkInterfaces()) L19: .flat() ... L35: } L36: const data = await response.json();
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

index.jsView on unpkg · L4
matchType = token_shingles matchedPackage = babel-preset-lib-client@4.9.9 matchedPath = index.js matchedIdentity = npm:YmFiZWwtcHJlc2V0LWxpYi1jbGllbnQ:4.9.9 similarity = 1.000 shingleOverlap = 48 summary = source token shingles overlapped finalized malicious source
High
Known Malware Source Similarity

Source file is highly similar to a previously finalized malicious package; route for source-aware review.

index.jsView on unpkg

Findings

2 Critical1 High3 Medium3 Low
CriticalCredential Exfiltrationindex.js
CriticalTrigger Reachable Dangerous Capabilityindex.js
HighKnown Malware Source Similarityindex.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings