na-rony@1.1.2

AI Security Review

scanned 2h ago · by lpm-firewall-ai

The package exfiltrates host identity, current working directory, platform, and all environment variables when its main module is loaded. The endpoint is an external webhook.site URL unrelated to package functionality.

Static reason
One or more suspicious static signals were detected.
Trigger
runtime import/require of package main index.js
Impact
Secrets in environment variables and project path/host metadata can be disclosed to the package author-controlled webhook.
Mechanism
import-time environment and host fingerprint exfiltration over HTTPS
Attack narrative
When a consumer imports na-rony, package.json resolves main to index.js. That file immediately builds a JSON object containing hostname, platform, cwd, and the complete process.env, then sends it via HTTPS POST to a webhook.site endpoint. There is no apparent benign package functionality around this behavior.
Rationale
Direct source inspection confirms import-time credential/environment harvesting and external exfiltration with no user consent or package-aligned purpose. This is concrete malicious behavior and should be blocked.
Evidence
index.js, package.json
Network endpoints: 1
webhook.site/20a7921e-7280-4e44-9235-4a3e82631430

Decision evidence

public snapshot
AI called this Malicious at 98.0% confidence as Malware with low false-positive risk.
Evidence for block
  • index.js imports https and os, then runs immediately at module load.
  • index.js serializes os.hostname(), process.platform, process.cwd(), and full process.env.
  • index.js POSTs collected host/environment data to webhook.site.
  • package.json main points to index.js, so requiring the package triggers exfiltration.
Evidence against
  • package.json has no install/preinstall/postinstall lifecycle hooks.
  • No child_process, eval, persistence, destructive actions, or AI-agent control-surface writes found.
  • Package contains only package.json and index.js.
Behavioral surface
Source: EnvironmentVars, Network
Supply chain: UrlStrings
Manifest: No manifest risk signals triggered.
scanned 1 file(s), 425 B of source, external domains: webhook.site

Source & flagged code

1 flagged
index.js
    L1: const https = require("https");
    L2: const os = require("os");
    ...
    L4: const data = JSON.stringify({
    L5:   hostname: os.hostname(),
    L6:   platform: process.platform,
    L7:   cwd: process.cwd(),
    L8:   env: process.env,
    L9: });
    ...
    L17: });
    L18: req.write(data);
    L19: req.end();
High
Host Fingerprint Exfiltration

Source collects local host identity data and sends it to an external endpoint.

index.js · L1

Findings

1 High, 2 Medium, 2 Low
  • High: Host Fingerprint Exfiltration (index.js)
  • Medium: Network
  • Medium: Environment Vars
  • Low: Scripts Present
  • Low: Url Strings