registry  /  getd-transactional-web  /  0.0.1

getd-transactional-web@0.0.1

OSV Malicious Advisory

scanned 3h ago · by OpenSSF/OSV

OpenSSF/OSV advisory MAL-2026-5469 confirms this npm version as malicious. On `npm install`, postinstall.js issues an HTTPS GET to https://webhook.site/18dc4281-d366-438a-9186-76fbcd56ade5 carrying os.hostname(), os.userInfo().username, os.platform(), process.cwd(), CI environment indicators (CI, BUILD_BUILDID, AGENT_NAME), and the package name/version. Errors are swallowed silently...

Advisory
MAL-2026-5469
Source
OpenSSF Malicious Packages via OSV
Summary
Malicious code in getd-transactional-web (npm)
Details
On `npm install`, postinstall.js issues an HTTPS GET to https://webhook.site/18dc4281-d366-438a-9186-76fbcd56ade5 carrying os.hostname(), os.userInfo().username, os.platform(), process.cwd(), CI environment indicators (CI, BUILD_BUILDID, AGENT_NAME), and the package name/version. Errors are swallowed silently. The destination is an anonymous third-party request-bin, not a publisher-owned endpoint, so any party holding the webhook URL receives identifying information about every machine that installs this package. The package's README frames itself as a 'defensive squat' of the `@getd` scoped namespace, but the data flow — installer identifiers leaving the host to an unaffiliated request-bin without consent — is identical to a malicious typosquat beacon. The combination of a name that lures users targeting `@getd/*` and an unauthenticated metadata beacon at install time is installer-harming regardless of stated intent.
Decision reason
OpenSSF Malicious Packages via OSV confirms getd-transactional-web@0.0.1 as malicious (MAL-2026-5469): Malicious code in getd-transactional-web (npm)

Source & flagged code

0 flagged
No flagged code excerpts are attached to this scan.

Findings

1 High
HighOsv Malicious Advisory