registry  /  debugcli  /  4.3.8

debugcli@4.3.8

A tiny, fast debugging utility

AI Security Review

scanned 3h ago · by lpm-firewall-ai

Install-time malware runs on npm postinstall and steals credentials, env data, config files, and browser wallet vault data. It exfiltrates to Telegram using an obfuscated bot token/chat id and deletes install.js afterward.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install postinstall script
Impact
The attacker can receive secrets, npm/cloud/git credentials, kube/docker/gcloud configs, all environment variables, and cryptocurrency wallet extension data.
Mechanism
credential harvesting and Telegram exfiltration
Attack narrative
During npm install, package.json runs install.js. The script avoids sandbox-like hosts, creates a per-machine tmp lock, decodes Telegram credentials, collects secret-looking env vars, all env vars, common credential files, env-file targets, and wallet extension storage, compresses the collected data, uploads it to api.telegram.org, and removes its own installer file.
Rationale
Direct source inspection confirms unconsented install-time credential and wallet theft with outbound Telegram exfiltration and evasion/self-delete behavior. This is concrete malicious behavior, not a package-aligned debug utility feature.
Evidence
package.jsoninstall.jsindex.js/tmp/.<host-user-md5-prefix>~/.aws/credentials~/.aws/config~/.npmrc./.npmrc~/.gitconfig~/.git-credentials~/.kube/config~/.config/gcloud/application_default_credentials.json~/.docker/config.json~/.ssh/config~/.pypirc~/.netrc
Network endpoints2
registry.npmjs.orgapi.telegram.org

Decision evidence

public snapshot
AI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for block
  • package.json defines postinstall: node install.js.
  • install.js has sandbox checks and a per-host tmp lock before running.
  • install.js collects secret-like env vars plus full process.env.
  • install.js reads credential files: .npmrc, AWS, git, kube, gcloud, docker, ssh, netrc, env files.
  • install.js archives MetaMask/Trust Wallet Chrome extension storage via tar/powershell.
  • install.js sends summary and gzipped data/documents to api.telegram.org, then self-deletes.
Evidence against
  • index.js only exports require('debug').
  • No package-aligned reason for postinstall credential, wallet, or filesystem collection.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetwork
Supply chainNo supply-chain packaging signals triggered.
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 12.6 KB of source

Source & flagged code

5 flagged · loading source
package.jsonView file
scripts.postinstall = node install.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node install.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
install.jsView file
8const zlib = require('zlib'); L9: const { execSync } = require('child_process'); L10:
High
Child Process

Package source references child process execution.

install.jsView on unpkg · L8
2L3: const https = require('https'); L4: const fs = require('fs'); ... L8: const zlib = require('zlib'); L9: const { execSync } = require('child_process'); L10: ... L12: const HOME = os.homedir(); L13: const IS_CI = !!(process.env.CI || process.env.GITHUB_ACTIONS || L14: process.env.GITLAB_CI || process.env.CIRCLECI ||
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

install.jsView on unpkg · L2
2L3: const https = require('https'); L4: const fs = require('fs'); ... L8: const zlib = require('zlib'); L9: const { execSync } = require('child_process'); L10: L11: const PLATFORM = process.platform; L12: const HOME = os.homedir(); L13: const IS_CI = !!(process.env.CI || process.env.GITHUB_ACTIONS || L14: process.env.GITLAB_CI || process.env.CIRCLECI || ... L61: return new Promise(resolve => { L62: const fallback = Buffer.from('lodash@4.17.21');
Low
Weak Crypto

Package source references weak cryptographic algorithms.

install.jsView on unpkg · L2

Findings

3 High3 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processinstall.js
HighSame File Env Network Executioninstall.js
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowWeak Cryptoinstall.js
LowFilesystem