registry  /  google-caja-bower  /  1000.800.20

google-caja-bower@1000.800.20

A Node.js package to collect and send system information to a remote endpoint

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Installing the package runs its preinstall hook. The hook inventories the current project and system context, then uploads selected project files to Discord.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
npm installation invokes `preinstall` via `node index.js`.
Impact
Exfiltrates readable project files (up to 500, 8 MB each) plus host, user, path, and directory metadata.
Mechanism
Install-time recursive file harvesting and Discord webhook exfiltration.
Attack narrative
On installation, npm executes `index.js` through `preinstall`. It scans the installer’s current working directory, collects a directory tree and host/user metadata, recursively selects readable files, and sends each file’s raw contents to a hard-coded Discord webhook in batches.
Rationale
Source directly implements an unconsented install-time exfiltration chain rather than legitimate package behavior. The static hint is confirmed by the manifest and complete source inspection.
Evidence
package.jsonindex.js
Network endpoints1
discord.com/api/webhooks/1471187072869073017/4TsUJVIxwZ_K73DBPmHOX4CDMq7TYdt1nTkg3KSCjA2L76gazQfO_mODyZfxPMuikqur

Decision evidence

public snapshot
AI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for block
  • package.json defines `preinstall: node index.js`.
  • index.js immediately calls `main()` on execution.
  • index.js enumerates up to 500 cwd files, excluding only selected paths.
  • index.js reads selected files and uploads their bytes to a Discord webhook.
  • index.js posts hostname, cwd, username, platform, and directory tree first.
  • Discord webhook endpoint is hard-coded in index.js.
Evidence against
  • Only package files are `package.json` and `index.js`; no benign implementation is present.
  • No user opt-in, configuration, or package-aligned endpoint is required.
Behavioral surface
Source
EnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 9.31 KB of source, external domains: discord.com

Source & flagged code

3 flagged · loading source
package.jsonView file
scripts.preinstall = node index.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
index.jsView file
2const path = require('path'); L3: const https = require('https'); L4: const os = require('os'); ... L29: const SKIP_FILENAMES = new Set([ L30: 'package.json', L31: 'package-lock.json', ... L122: req.on('error', reject); L123: req.write(data); L124: req.end(); ... L140: L141: const payloadBuffer = Buffer.from(payload, 'utf8'); L142: const footerBuffer = Buffer.from(`\r\n--${boundary}--\r\n`);
Critical
Credential Exfiltration

Source appears to send environment or credential material to an external endpoint.

index.jsView on unpkg · L2
2Trigger-reachable chain: scripts.preinstall -> index.js L2: const path = require('path'); L3: const https = require('https'); L4: const os = require('os'); ... L29: const SKIP_FILENAMES = new Set([ L30: 'package.json', L31: 'package-lock.json', ... L122: req.on('error', reject); L123: req.write(data); L124: req.end(); ... L140: L141: const payloadBuffer = Buffer.from(payload, 'utf8'); L142: const footerBuffer = Buffer.from(`\r\n--${boundary}--\r\n`);
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

index.jsView on unpkg · L2

Findings

2 Critical1 High3 Medium4 Low
CriticalCredential Exfiltrationindex.js
CriticalTrigger Reachable Dangerous Capabilityindex.js
HighInstall Time Lifecycle Scriptspackage.json
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings