registry  /  console-fmt-cli  /  2.1.0

console-fmt-cli@2.1.0

Pretty console logger for Node.js CLI apps and services

OSV Malicious Advisory

scanned 2h ago · by OpenSSF/OSV

OpenSSF/OSV advisory MAL-2026-6688 confirms this npm version as malicious. Malicious npm package published as part of a coordinated DeFi-themed infostealer campaign. `console-fmt-cli` uses a side-loader technique: it declares `decimal-format-core >=3.0` as a dependency, which contains a dropper that executes at install time via a `postinstall` hook. The dropper fetches a second-stage infostealer from a remote C2 (`logstream-api.online`) that harvests cryptocurrency wallet vaults (MetaMask,...

Advisory
MAL-2026-6688
Source
OpenSSF Malicious Packages via OSV
Summary
Malicious code in console-fmt-cli (npm)
Details
Malicious npm package published as part of a coordinated DeFi-themed infostealer campaign. `console-fmt-cli` uses a side-loader technique: it declares `decimal-format-core >=3.0` as a dependency, which contains a dropper that executes at install time via a `postinstall` hook. The dropper fetches a second-stage infostealer from a remote C2 (`logstream-api.online`) that harvests cryptocurrency wallet vaults (MetaMask, Phantom, Solflare, OKX, Coinbase, TrustWallet, Backpack, TronLink), browser cookies and credentials, SSH keys, AWS credentials, `.npmrc` tokens, Docker config, shell history, and password manager databases. --- ## Source: amazon-inspector (7ccb50e741119fa832c2a87e47315cb08f14f9dfe5422bba40aa7788b2aab7de) The package was found to contain malicious code or consuming dependency that contains malicious code
Decision reason
OpenSSF Malicious Packages via OSV confirms console-fmt-cli@2.1.0 as malicious (MAL-2026-6688): Malicious code in console-fmt-cli (npm)

Source & flagged code

0 flagged
No flagged code excerpts are attached to this scan.

Findings

1 High
HighOsv Malicious Advisory