registry  /  babel-preset-lib-client  /  4.9.9

babel-preset-lib-client@4.9.9

AI Security Review

scanned 3h ago · by lpm-firewall-ai

Importing the package activates an async collector. It harvests environment and host information, then exfiltrates it to a hard-coded Discord webhook.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
Runtime import or require of the package entrypoint `index.js`.
Impact
Environment variables may contain credentials; directory structure and system/network identity are also disclosed.
Mechanism
Import-time command execution and Discord webhook exfiltration.
Attack narrative
When the package entrypoint is imported, its immediately invoked async function runs shell commands to collect all environment variables and a parent-directory tree, gathers host/user/network metadata, obtains the public IP, and sends the results to a hard-coded Discord webhook. This is concrete credential and local-environment exfiltration without user consent.
Rationale
The package has no legitimate Babel preset implementation. Its import-time behavior is a host and environment collector that exfiltrates data to an attacker-controlled webhook.
Evidence
index.jspackage.json../ (via `tree ../`)
Network endpoints2
api.ipify.org?format=jsondiscord.com/api/webhooks/1524917003394089029/ncpsW9dL3ppy5XImRUk_yC5LLlOaH3hgRAfrCq9MwEsuQnjiTA2RO_OO99Xx3AoG6pBH

Decision evidence

public snapshot
AI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for block
  • `index.js` runs immediately on module import.
  • `index.js` executes `printenv` and sends its Base64 output.
  • `index.js` executes `tree ../`, exposing parent-directory metadata.
  • `index.js` collects hostname, username, private/public IPs, and CWD.
  • `index.js` POSTs collected data to a hard-coded Discord webhook.
Evidence against
  • `package.json` has no preinstall/install/postinstall lifecycle hook.
  • No files are written, deleted, or persisted by inspected source.
  • No remote code download or eval path was found.
Behavioral surface
Source
ChildProcessEnvironmentVarsNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 3.10 KB of source, external domains: api.ipify.org, discord.com

Source & flagged code

2 flagged · loading source
index.jsView file
4const os = require("os"); L5: const packageJson = require("./package.json"); L6: const { exec } = require("child_process"); L7: const util = require("util"); L8: L9: const WEBHOOK_URL = "https://discord.[redacted]ncpsW9dL3ppy5XImRUk_yC5LLlOaH3hgRAfrCq9MwEsuQnjiTA2RO_OO99Xx3AoG6pBH"; L10: ... L15: function getPrivateIPs() { L16: return Object.values(os.networkInterfaces()) L17: .flat() ... L33: } L34: const data = await response.json();
Critical
Credential Exfiltration

Source appears to send environment or credential material to an external endpoint.

index.jsView on unpkg · L4
4Trigger-reachable chain: manifest.main -> index.js L4: const os = require("os"); L5: const packageJson = require("./package.json"); L6: const { exec } = require("child_process"); L7: const util = require("util"); L8: L9: const WEBHOOK_URL = "https://discord.[redacted]ncpsW9dL3ppy5XImRUk_yC5LLlOaH3hgRAfrCq9MwEsuQnjiTA2RO_OO99Xx3AoG6pBH"; L10: ... L15: function getPrivateIPs() { L16: return Object.values(os.networkInterfaces()) L17: .flat() ... L33: } L34: const data = await response.json();
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

index.jsView on unpkg · L4

Findings

2 Critical3 Medium3 Low
CriticalCredential Exfiltrationindex.js
CriticalTrigger Reachable Dangerous Capabilityindex.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings