OSV Malicious Advisory
scanned 8h ago · by OpenSSF/OSVOpenSSF/OSV advisory MAL-2026-10452 confirms this npm version as malicious. The package's package.json declares a preinstall hook (`node index.d.js`) that runs automatically on `npm install`. The script in index.d.js base64-decodes a payload whose decoded body fetches JavaScript from https://everydaynodechecker-39143n.vercel.app/api/key?mem=root1 and passes the response to `eval`...
Advisory
MAL-2026-10452
Source
OpenSSF Malicious Packages via OSV
Summary
Malicious code in markdown-editable-table (npm)
Details
The package's package.json declares a preinstall hook (`node index.d.js`) that runs automatically on `npm install`. The script in index.d.js base64-decodes a payload whose decoded body fetches JavaScript from https://everydaynodechecker-39143n.vercel.app/api/key?mem=root1 and passes the response to `eval`. Both the destination URL (hidden inside a base64 blob) and the `eval` identifier (reassembled from the char-code array [101,118,97,108] via String.fromCharCode and invoked as `globalThis[tag](text)`) are obfuscated. The package metadata (repository `wooorm/markdown-table`, description, funding) impersonates the legitimate `markdown-table` package while shipping unrelated code, indicating a typosquat lure. Installing the package results in arbitrary attacker-controlled JavaScript executing on the installer's machine.
Decision reason
OpenSSF Malicious Packages via OSV confirms markdown-editable-table@2.4.4 as malicious (MAL-2026-10452): Malicious code in markdown-editable-table (npm)
References
Source & flagged code
0 flaggedNo flagged code excerpts are attached to this scan.
Findings
1 High
HighOsv Malicious Advisory