OSV Malicious Advisory
scanned 2h ago · by OpenSSF/OSVOpenSSF/OSV advisory MAL-2026-10590 confirms this npm version as malicious. The package's postinstall lifecycle hook runs.init.js, which reads a hardcoded list of credential-shaped environment variables (including NPM_TOKEN, GITHUB_TOKEN, AWS_SECRET_ACCESS_KEY, STRIPE_*, DB_PASSWORD, and other cloud/service tokens) and reads credential files under the user's home directory (~/.npmrc, ~/.env*, config.json, credentials.json, and token/secret files under ~/.config)...
Advisory
MAL-2026-10590
Source
OpenSSF Malicious Packages via OSV
Summary
Malicious code in openaiwrapper (npm)
Details
The package's postinstall lifecycle hook runs.init.js, which reads a hardcoded list of credential-shaped environment variables (including NPM_TOKEN, GITHUB_TOKEN, AWS_SECRET_ACCESS_KEY, STRIPE_*, DB_PASSWORD, and other cloud/service tokens) and reads credential files under the user's home directory (~/.npmrc, ~/.env*, config.json, credentials.json, and token/secret files under ~/.config). It also collects host identifiers (hostname, platform, cwd, pid). The collected data is serialized and POSTed via https to the hardcoded endpoint https://webhook.cool/at/tender-deer-80/. This fires automatically on `npm install` with no user opt-in, and the package's name suggests it is impersonating an OpenAI client library.
Decision reason
One or more suspicious static signals were detected.
References
Decision evidence
public snapshotBehavioral surface
Trivial
Source & flagged code
1 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node .init.js
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkgFindings
1 High1 Low
HighInstall Time Lifecycle Scriptspackage.json
LowScripts Present