registry  /  salesforce-vscode-slds  /  2026.7.11

salesforce-vscode-slds@2026.7.11

A utility package that reports runtime errors to Sentry using @sentry/node.

AI Security Review

scanned 3h ago · by lpm-firewall-ai

Installation executes a verification script that sends telemetry to a package-controlled Sentry project. The script collects the installing machine's public IP through Cloudflare and uploads a deliberately generated exception after enabling default PII capture.

Static reason
High-risk behavior combination matched malicious policy.; source matched previously finalized malicious package; routed for review; source fingerprint signature matched known malicious package; routed for review
Trigger
npm installation triggers the preinstall lifecycle hook.
Impact
Discloses the installer host's public IP and install-time runtime metadata to a third-party Sentry endpoint without user consent.
Mechanism
install-time public-IP collection and Sentry telemetry upload
Attack narrative
On npm install, the preinstall hook installs a dependency and runs examples/verify.js. That script initializes Sentry using the embedded DSN, actively requests the installer host's public IP from Cloudflare, attaches it as Sentry user data, deliberately throws an error, captures it, and flushes it to the configured Sentry project. This is unconsented install-time data collection and outbound transmission.
Rationale
Source inspection confirms a concrete, automatic install-time telemetry and IP-exfiltration chain, not merely suspicious primitives. The behavior is unnecessary for package installation and uses a hard-coded third-party reporting destination.
Evidence
package.jsonexamples/verify.jssrc/index.jssrc/index.d.ts
Network endpoints4
d4616e08f531447bd415e91fd21940a6@o4510485815754752.ingest.us.sentry.io/4511716882972672www.cloudflare.com/cdn-cgi/traceone.one.one.one/cdn-cgi/trace1.1.1.1/cdn-cgi/trace

Decision evidence

public snapshot
AI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for block
  • package.json preinstall runs `npm install @sentry/node && node examples/verify.js`.
  • examples/verify.js invokes init(), public-IP lookup, error capture, and flush during installation.
  • src/index.js embeds a default Sentry ingest DSN and initializes reporting with sendDefaultPii: true.
  • src/index.js fetches Cloudflare trace endpoints, assigns the resolved IP to Sentry user data, then sends a captured exception.
Evidence against
  • No shell execution, filesystem harvesting, persistence, or AI-agent configuration mutation was found.
  • The network/reporting code is explicit, but it is invoked automatically by the install lifecycle.
Behavioral surface
Source
ChildProcessEnvironmentVarsNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 10.4 KB of source, external domains: 1.1.1.1, one.one.one.one, www.cloudflare.com

Source & flagged code

4 flagged · loading source
package.jsonView file
scripts.preinstall = npm install @sentry/node && node examples/verify.js
Critical
Red Install Lifecycle Script

Install-time lifecycle script matches a deterministic static-gate block pattern.

package.jsonView on unpkg
scripts.preinstall = npm install @sentry/node && node examples/verify.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
src/index.jsView file
matchType = normalized_sha256 matchedPackage = chat-adapter-zoom@12.1.31 matchedPath = src/index.js matchedIdentity = npm:Y2hhdC1hZGFwdGVyLXpvb20:12.1.31 similarity = 1.000 summary = normalized source hash matched finalized malicious source
High
Known Malware Source Similarity

Source file is highly similar to a previously finalized malicious package; route for source-aware review.

src/index.jsView on unpkg
matchType = malicious_source_fingerprint_signature signature = 77336ad547d16a1c signatureType = suspicious_hashes sourceLabel = final_verdict:malicious matchedPackage = chat-adapter-zoom@12.1.31 matchedPath = src/index.js matchedIdentity = npm:Y2hhdC1hZGFwdGVyLXpvb20:12.1.31 similarity = 1.000 shingleOverlap = 2 summary = package final verdict is malicious
High
Known Malware Source Fingerprint Signature

Source fingerprint signature matches a known malicious package signature; route for source-aware review.

src/index.jsView on unpkg

Findings

1 Critical3 High2 Medium3 Low
CriticalRed Install Lifecycle Scriptpackage.json
HighInstall Time Lifecycle Scriptspackage.json
HighKnown Malware Source Similaritysrc/index.js
HighKnown Malware Source Fingerprint Signaturesrc/index.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings