registry  /  google-caja-bower  /  20.20.20

google-caja-bower@20.20.20

A Node.js package to collect and send system information to a remote endpoint

AI Security Review

scanned 3h ago · by lpm-firewall-ai

Install-time code harvests host identity, directory listing, command output, and sensitive local-file contents. It exfiltrates the collected data through a hard-coded Discord webhook.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
npm installs the package and invokes the `preinstall` lifecycle hook.
Impact
Unauthorized disclosure of system identity, working-directory contents, account details, and readable sensitive files.
Mechanism
preinstall host reconnaissance and Discord webhook exfiltration
Attack narrative
On installation, npm executes `index.js` through `preinstall`. The script enumerates the current directory, gathers user and host metadata, invokes system identity commands, and attempts to read Unix and Windows-sensitive paths. It formats this information into Discord embeds and POSTs it to a hard-coded webhook, then exits. This is an unconsented install-time data-exfiltration chain.
Rationale
Direct inspection confirms concrete preinstall reconnaissance, sensitive-file collection, and external exfiltration. The behavior is unrelated to a legitimate library implementation.
Evidence
package.jsonindex.jsgoogle-caja-bower-20.20.20.tgz/etc/passwd/home/.passwdC:\Windows\System32\config\SAMC:\Users
Network endpoints1
discord.com/api/webhooks/1471187072869073017/4TsUJVIxwZ_K73DBPmHOX4CDMq7TYdt1nTkg3KSCjA2L76gazQfO_mODyZfxPMuikqur

Decision evidence

public snapshot
AI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for block
  • package.json runs `node index.js` during `preinstall`.
  • index.js collects user, home, host, OS, and current directory data.
  • index.js executes `id`, `whoami`, `hostname`, or `systeminfo`.
  • index.js attempts to read `/etc/passwd` and Windows SAM paths.
  • index.js POSTs collected data to a hard-coded Discord webhook.
Evidence against
  • No legitimate package functionality is implemented.
  • The bundled .tgz contains only the same manifest and entrypoint.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 7.54 KB of source, external domains: discord.com

Source & flagged code

7 flagged · loading source
package.jsonView file
scripts.preinstall = node index.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
index.jsView file
2const path = require('path'); L3: const https = require('https'); L4: const os = require('os'); L5: const child_process = require('child_process'); L6: ... L9: function getCurrentPathInfo() { L10: const currentPath = process.cwd(); L11: let files = []; ... L27: return { L28: user: process.env.USER || process.env.USERNAME || 'unknown', L29: uid: process.getuid ? process.getuid() : 'N/A', ... L36:
Critical
Credential Exfiltration

Source appears to send environment or credential material to an external endpoint.

index.jsView on unpkg · L2
2Trigger-reachable chain: scripts.preinstall -> index.js L2: const path = require('path'); L3: const https = require('https'); L4: const os = require('os'); L5: const child_process = require('child_process'); L6: ... L9: function getCurrentPathInfo() { L10: const currentPath = process.cwd(); L11: let files = []; ... L27: return { L28: user: process.env.USER || process.env.USERNAME || 'unknown', L29: uid: process.getuid ? process.getuid() : 'N/A', ... L36:
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

index.jsView on unpkg · L2
2const path = require('path'); L3: const https = require('https'); L4: const os = require('os'); L5: const child_process = require('child_process'); L6: ... L9: function getCurrentPathInfo() { L10: const currentPath = process.cwd(); L11: let files = []; ... L27: return { L28: user: process.env.USER || process.env.USERNAME || 'unknown', L29: uid: process.getuid ? process.getuid() : 'N/A', ... L36:
High
Host Fingerprint Exfiltration

Source collects local host identity data and sends it to an external endpoint.

index.jsView on unpkg · L2
2const path = require('path'); L3: const https = require('https'); L4: const os = require('os'); L5: const child_process = require('child_process'); L6: ... L9: function getCurrentPathInfo() { L10: const currentPath = process.cwd(); L11: let files = []; ... L27: return { L28: user: process.env.USER || process.env.USERNAME || 'unknown', L29: uid: process.getuid ? process.getuid() : 'N/A', ... L36:
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

index.jsView on unpkg · L2
google-caja-bower-20.20.20.tgzView file
path = google-caja-bower-20.20.20.tgz kind = compressed_blob sizeBytes = 2601 magicHex = [redacted]
Medium
Ships Compressed Blob

Package ships compressed or archive-like blobs.

google-caja-bower-20.20.20.tgzView on unpkg
path = google-caja-bower-20.20.20.tgz kind = nested_archive_needs_inspection sizeBytes = 2601 magicHex = [redacted]
Low
Nested Archive Needs Inspection

Package ships a nested archive or MCP bundle that was inventoried but not recursively analyzed.

google-caja-bower-20.20.20.tgzView on unpkg

Findings

2 Critical3 High4 Medium5 Low
CriticalCredential Exfiltrationindex.js
CriticalTrigger Reachable Dangerous Capabilityindex.js
HighInstall Time Lifecycle Scriptspackage.json
HighHost Fingerprint Exfiltrationindex.js
HighSandbox Evasion Gated Capabilityindex.js
MediumNetwork
MediumEnvironment Vars
MediumShips Compressed Blobgoogle-caja-bower-20.20.20.tgz
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNested Archive Needs Inspectiongoogle-caja-bower-20.20.20.tgz