registry  /  rtc-integration-frontend-sdk  /  99.9.0

rtc-integration-frontend-sdk@99.9.0

OSV Malicious Advisory

scanned 2h ago · by OpenSSF/OSV

OpenSSF/OSV advisory MAL-2026-10129 confirms this npm version as malicious. rtc-integration-frontend-sdk@99.9.0 registers a postinstall lifecycle hook ("postinstall": "node index.js") that fires automatically on npm install. index.js collects installer host reconnaissance — os.hostname(), userInfo().username, platform/arch, local network interface addresses, the public IP resolved via a call to https://api.ipify.org, the current working directory, and the package name — and POSTs the...

Advisory
MAL-2026-10129
Source
OpenSSF Malicious Packages via OSV
Summary
Malicious code in rtc-integration-frontend-sdk (npm)
Details
rtc-integration-frontend-sdk@99.9.0 registers a postinstall lifecycle hook ("postinstall": "node index.js") that fires automatically on npm install. index.js collects installer host reconnaissance — os.hostname(), userInfo().username, platform/arch, local network interface addresses, the public IP resolved via a call to https://api.ipify.org, the current working directory, and the package name — and POSTs the collected data to a hardcoded Discord webhook at discord.com/api/webhooks/. The package name and 99.9.0 version shape are consistent with a typosquat/version-bump lure; installing the package causes unconditional install-time exfiltration of host identifiers to an attacker-controlled endpoint.
Decision reason
OpenSSF Malicious Packages via OSV confirms rtc-integration-frontend-sdk@99.9.0 as malicious (MAL-2026-10129): Malicious code in rtc-integration-frontend-sdk (npm)

Source & flagged code

0 flagged
No flagged code excerpts are attached to this scan.

Findings

1 High
HighOsv Malicious Advisory