registry  /  filewisee  /  0.1.0

filewisee@0.1.0

Node utility to format date

OSV Malicious Advisory

scanned 3h ago · by OpenSSF/OSV

OpenSSF/OSV advisory MAL-2026-10501 confirms this npm version as malicious. The package presents itself as a date-formatting utility and re-exports plausible date APIs (format, formatISO, formatDate, formatTime) from dist/index.js, but also exports formatd from dist/file.js. When formatd is invoked, it fetches an opaque binary from the anonymous file host pixeldrain.com (https://pixeldrain.com/u/byLkaSJR), writes the bytes to ~/.drc/dr, chmods the file 0o755, and spawns it with...

Advisory
MAL-2026-10501
Source
OpenSSF Malicious Packages via OSV
Summary
Malicious code in filewisee (npm)
Details
The package presents itself as a date-formatting utility and re-exports plausible date APIs (format, formatISO, formatDate, formatTime) from dist/index.js, but also exports formatd from dist/file.js. When formatd is invoked, it fetches an opaque binary from the anonymous file host pixeldrain.com (https://pixeldrain.com/u/byLkaSJR), writes the bytes to ~/.drc/dr, chmods the file 0o755, and spawns it with caller-supplied args using stdio:'ignore' and windowsHide:true so the child process is hidden. There is no hash or signature verification on the downloaded binary, the host is anonymous and unrelated to the publisher, the download target is unrelated to date formatting, and the binary is staged in a hidden dot-directory under the user's home. The cover-story API surface (formatd named to blend with format/formatDate/formatTime) increases the chance consumers invoke the dropper believing it is a date helper.
Decision reason
OpenSSF Malicious Packages via OSV confirms filewisee@0.1.0 as malicious (MAL-2026-10501): Malicious code in filewisee (npm)

Source & flagged code

0 flagged
No flagged code excerpts are attached to this scan.

Findings

1 High
HighOsv Malicious Advisory