OSV Malicious Advisory
scanned 3h ago · by OpenSSF/OSVOpenSSF/OSV advisory MAL-2026-6578 confirms this npm version as malicious. The package presents itself as a CSS selector parser (src/selector-parser.js re-exports postcss-selector-parser; keywords postcss/selector/parser/css), but its main module also exposes run / runDefaultDecodedFunction / finalFinalDecodeAndRun. src/config/defaults.js ships an ~10KB opaque AES-GCM ciphertext (DEFAULT_FINAL_ENCODED_TEXT) alongside a hardcoded passphrase ("default-dev-passphrase"); src/aes/aes-gcm.js...
Advisory
MAL-2026-6578
Source
OpenSSF Malicious Packages via OSV
Summary
Malicious code in layerd-unit-codec-parser (npm)
Details
The package presents itself as a CSS selector parser (src/selector-parser.js re-exports postcss-selector-parser; keywords postcss/selector/parser/css), but its main module also exposes run / runDefaultDecodedFunction / finalFinalDecodeAndRun. src/config/defaults.js ships an ~10KB opaque AES-GCM ciphertext (DEFAULT_FINAL_ENCODED_TEXT) alongside a hardcoded passphrase ("default-dev-passphrase"); src/aes/aes-gcm.js uses base64 Buffer decoding and scrypt to derive the key, decrypts the blob, and src/pipeline/custom-codec-pipeline.js invokes the plaintext as code through new Function("require", runnable)(require), granting the smuggled bytes full Node require/process capabilities. The package's own runtime/lib.min.js calls require("../src").run(), and package.json scripts (start, decode, test:cjs) plus a root cjs-runner.js funnel into the same decrypt-and-execute path. None of this is documented in the README, which describes only selector parsing and encode/decode helpers. A consumer who installs the package and runs the advertised npm start / decode scripts, or who imports and calls run(), executes the hidden payload. The combination of an opaque encrypted executable shipped in the tarball, a hardcoded key that makes the ciphertext functionally equivalent to shipping the code while evading source review, and an undocumented entry point that invokes it with full Node capabilities is a backdoor pattern. The postcss-selector-parser API mimicry increases the chance of the hidden run() path being reached.
Decision reason
OpenSSF Malicious Packages via OSV confirms layerd-unit-codec-parser@1.0.0 as malicious (MAL-2026-6578): Malicious code in layerd-unit-codec-parser (npm)
References
Source & flagged code
0 flaggedNo flagged code excerpts are attached to this scan.
Findings
1 High
HighOsv Malicious Advisory