AI Security Review
scanned 3h ago · by lpm-firewall-aiInstalling the package starts a detached background agent. The agent uses npm registry metadata as command-and-control, executes arbitrary shell commands, and exports command output or archived files through npm package publications.
OSV Corroboration
OpenSSF/OSVDecision evidence
public snapshot- `package.json` runs `node install.js` in `postinstall`.
- `install.js` decodes an embedded npm token and configures it for npm.
- Install code copies itself to `/tmp/.pm-agent.js` and spawns a detached daemon.
- Daemon polls `registry.npmjs.org/node-procmetrics` for base64 commands.
- Received commands are executed through `bash -c`; output is republished to npm.
- `__archive__` can tar arbitrary paths and upload chunks via npm publishes.
- Package contains only `package.json` and `install.js`; no legitimate metrics implementation is present.
Source & flagged code
5 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgSource mutates package metadata and republishes itself to npm.
install.jsView on unpkg · L1A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
install.jsView on unpkg · L1