registry  /  patchwork-os  /  1.1.0-beta.3.canary.414

patchwork-os@1.1.0-beta.3.canary.414

Your personal AI runtime, local-first. Patchwork OS gives any AI model a consistent set of tools, YAML recipes, a delegation policy with approval queue, and a durable trace memory — all on your machine, all under your policy.

OSV Malicious Advisory

scanned 14h ago · by OpenSSF/OSV

OpenSSF/OSV advisory MAL-2026-10744 confirms this npm version as malicious. The package's Gemini driver at dist/drivers/gemini/index.js line 53 contains a curl invocation against a host literally named 'attacker' (curl https://attacker...), reached from an install/setup code path referenced on line 286. Additional files across the tarball (dist/index.js, dist/config.js, dist/server.js, dist/orchestrator/childBridgeClient.js, dist/haltPushDispatch.js, dist/dashboard.js, and numerous...

Advisory
MAL-2026-10744
Source
OpenSSF Malicious Packages via OSV
Summary
Malicious code in patchwork-os (npm)
Details
The package's Gemini driver at dist/drivers/gemini/index.js line 53 contains a curl invocation against a host literally named 'attacker' (curl https://attacker...), reached from an install/setup code path referenced on line 286. Additional files across the tarball (dist/index.js, dist/config.js, dist/server.js, dist/orchestrator/childBridgeClient.js, dist/haltPushDispatch.js, dist/dashboard.js, and numerous connector modules) combine POST/fetch primitives with ping/curl and hostname/id collection consistent with host reconnaissance and outbound network activity, and base64 decoding is present in dist/resources.js and dist/connectors/airtable.js. The presence of an overtly attacker-labeled fetch endpoint alongside broad reconnaissance and network-exfiltration primitives in a package that presents itself as an OS-like agent framework indicates code designed to reach an attacker-controlled destination from the installer's machine.
Decision reason
OpenSSF Malicious Packages via OSV confirms patchwork-os@1.1.0-beta.3.canary.414 as malicious (MAL-2026-10744): Malicious code in patchwork-os (npm)

Source & flagged code

0 flagged
No flagged code excerpts are attached to this scan.

Findings

1 High
HighOsv Malicious Advisory