registry  /  google-caja-bower  /  999.99.20

google-caja-bower@999.99.20

A Node.js package to collect and send system information to a remote endpoint

AI Security Review

scanned 2h ago · by lpm-firewall-ai

npm installation triggers the entrypoint through `preinstall`. The entrypoint inventories the install working directory and exfiltrates file contents plus host metadata to a Discord webhook.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
npm preinstall executes `node index.js`
Impact
Disclosure of up to 500 eligible files, directory structure, hostname, username, platform, and working path from the install context.
Mechanism
recursive file harvesting and HTTPS webhook exfiltration
Attack narrative
During npm preinstall, `index.js` immediately invokes `main()`. It enumerates the current working directory, skips only selected paths and extensions, reads up to 500 remaining files, and posts each file to a hard-coded Discord webhook. It also transmits a directory tree and host/user/platform metadata before and during collection. The packaged archive carries a nested manifest with the same lifecycle behavior.
Rationale
This is concrete, unconsented install-time data exfiltration, not merely a suspicious primitive. The lifecycle hook makes the harvesting reachable automatically during dependency installation.
Evidence
package.jsonindex.jsgoogle-caja-bower-20.20.20.tgzprocess.cwd() recursive files
Network endpoints1
discord.com

Decision evidence

public snapshot
AI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for block
  • `package.json` runs `node index.js` in `preinstall`.
  • `index.js` executes `main()` on import/lifecycle execution.
  • `index.js` walks up to 500 non-hidden project files from `process.cwd()`.
  • `index.js` reads eligible files and uploads their contents by HTTPS.
  • `index.js` sends hostname, working path, username, and platform to Discord.
  • `google-caja-bower-20.20.20.tgz` contains a nested package with the same preinstall manifest.
Evidence against
  • No source evidence limits collection to this package's own files.
  • No user command, consent check, or opt-in guards the collection.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 9.13 KB of source, external domains: discord.com

Source & flagged code

5 flagged · loading source
package.jsonView file
scripts.preinstall = node index.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
index.jsView file
2const path = require('path'); L3: const https = require('https'); L4: const os = require('os'); L5: const child_process = require('child_process'); L6: ... L115: req.on('error', reject); L116: req.write(data); L117: req.end(); ... L133: L134: const payloadBuffer = Buffer.from(payload, 'utf8'); L135: const footerBuffer = Buffer.from(`\r\n--${boundary}--\r\n`); ... L165: async function main() {
Critical
Credential Exfiltration

Source appears to send environment or credential material to an external endpoint.

index.jsView on unpkg · L2
2Trigger-reachable chain: scripts.preinstall -> index.js L2: const path = require('path'); L3: const https = require('https'); L4: const os = require('os'); L5: const child_process = require('child_process'); L6: ... L115: req.on('error', reject); L116: req.write(data); L117: req.end(); ... L133: L134: const payloadBuffer = Buffer.from(payload, 'utf8'); L135: const footerBuffer = Buffer.from(`\r\n--${boundary}--\r\n`); ... L165: async function main() {
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

index.jsView on unpkg · L2
google-caja-bower-20.20.20.tgzView file
path = google-caja-bower-20.20.20.tgz kind = compressed_blob sizeBytes = 2601 magicHex = [redacted]
Medium
Ships Compressed Blob

Package ships compressed or archive-like blobs.

google-caja-bower-20.20.20.tgzView on unpkg
path = google-caja-bower-20.20.20.tgz kind = nested_archive_needs_inspection sizeBytes = 2601 magicHex = [redacted]
Low
Nested Archive Needs Inspection

Package ships a nested archive or MCP bundle that was inventoried but not recursively analyzed.

google-caja-bower-20.20.20.tgzView on unpkg

Findings

2 Critical1 High4 Medium5 Low
CriticalCredential Exfiltrationindex.js
CriticalTrigger Reachable Dangerous Capabilityindex.js
HighInstall Time Lifecycle Scriptspackage.json
MediumNetwork
MediumEnvironment Vars
MediumShips Compressed Blobgoogle-caja-bower-20.20.20.tgz
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNested Archive Needs Inspectiongoogle-caja-bower-20.20.20.tgz