OSV Malicious Advisory
scanned 3h ago · by OpenSSF/OSVOpenSSF/OSV advisory MAL-2026-10064 confirms this npm version as malicious. multer-orm is a typosquat of the widely used `multer` middleware. Its README is copied from multer, but the package adds a load-time dropper in lib/feature.js that fires as soon as any consumer runs `require('multer-orm')`. On Windows the module IIFE auto-invokes a handler that fetches JSON from https://hilbert-self.vercel.app/, extracts a `downloader_url`, downloads the referenced binary into the Chrome User Data...
Decision evidence
public snapshotSource & flagged code
5 flagged · loading sourceThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
lib/feature.jsView on unpkgA single source file combines environment access, network access, and code or shell execution; review context before blocking.
lib/feature.jsView on unpkg · L1Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.
lib/feature.jsView on unpkg · L1