AI Security Review
scanned 3h ago · by lpm-firewall-ai
The package is an unscoped dependency-confusion PoC for @apple/mapkit-loader. Installing or invoking it creates a local tracking ID and beacons execution to an external Azure endpoint.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install postinstall lifecycle or npx/bin execution
Impact
Tracks successful installation or npx execution of a confusion package without explicit user opt-in.
Mechanism
install-time and runtime proof-of-execution network beacon
Attack narrative
A developer who installs mapkit-loader or runs npx mapkit-loader triggers package code. The code creates or reuses a persistent install ID under the user's cache directory, then POSTs that ID, version string, execution path, and timestamp to an external Azure host. The package labels itself as security research and warns the user, but the beacon is lifecycle-triggered and the package intentionally occupies a confusing unscoped name for Apple's scoped package.
Rationale
Direct source inspection confirms unconsented install-time network beaconing in a dependency-confusion package, even though it does not harvest credentials or execute shell commands. The concrete package-confusion behavior and telemetry justify blocking.
Evidence
- package.json
- postinstall.js
- index.js
- README.md
- $XDG_CACHE_HOME/.mapkit-loader-id
- ~/.cache/.mapkit-loader-id
Network endpoints (1)
npx-monitor-76056.azurewebsites.net/api/pingback
Decision evidence
Public snapshot: AI called this Malicious at 94.0% confidence as Malware with low false-positive risk.
Evidence for block
- package.json defines postinstall: node postinstall.js and bin mapkit-loader -> ./index.js
- postinstall.js runs at install time and sends an HTTPS POST to npx-monitor-76056.azurewebsites.net/api/pingback
- index.js sends the same pingback when invoked via npx/bin
- Both JS files create/read a persistent install identifier at $XDG_CACHE_HOME/.mapkit-loader-id or ~/.cache/.mapkit-loader-id
- README and console text state this is an npx confusion PoC for @apple/mapkit-loader
Evidence against
- Source does not read arbitrary files, credentials, or broad environment variables
- No child_process, eval/vm/Function, native binary loading, or destructive actions found
- Console output warns users that it is not Apple's official package
Behavioral surface
- Crypto
- Environment Vars
- Filesystem
- Network
- Url Strings
Source & flagged code
2 flagged in package.json
- scripts.postinstall = node postinstall.js
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.json: scripts.postinstall = node postinstall.js
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.json
Findings
1 High, 3 Medium, 3 Low
- High: Install Time Lifecycle Scripts (package.json)
- Medium: Ambiguous Install Lifecycle Script (package.json)
- Medium: Network
- Medium: Environment Vars
- Low: Scripts Present
- Low: Filesystem
- Low: Url Strings