searchresults@999.0.0

Security research PoC - Dependency Confusion Hunter by nitczi

AI Security Review

scanned 6h ago · by lpm-firewall-ai

Install lifecycle scripts exfiltrate host and CI environment metadata to an external Discord webhook. The package also performs an external IP lookup and DNS callback during installation.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
npm preinstall and postinstall lifecycle scripts
Impact
Leaks system identity, directories, network addresses, CI context, repository metadata, and secret-presence signals to an external endpoint.
Mechanism
install-time host/CI metadata exfiltration
Attack narrative
When installed, npm runs callback.js twice through preinstall and postinstall. The script gathers host, user, directory, network, Node, npm, and CI metadata, probes for common secret environment variables, sends JSON and Discord embed payloads to a hardcoded Discord webhook, and attempts a DNS callback containing encoded package/user/host data.
Rationale
The inspected source confirms unconsented install-time collection and exfiltration of environment and host metadata to external endpoints. The declared security-research PoC purpose does not remove the concrete lifecycle-triggered data exfiltration behavior.
Evidence
package.json, callback.js, index.js
Network endpoints (3)
discord.com/api/webhooks/1522576351318638612/ONCJlNzz7qSy21aKVudMGYMgAadu2s5IRzCWi0s5LsLv0HWHCMra7FH8VJkcdvByEnZe
api.ipify.org?format=json
*.discord.com

Decision evidence

public snapshot
AI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for block
  • package.json runs `node callback.js` in both preinstall and postinstall.
  • callback.js executes immediately and posts collected system/user/CI data to a Discord webhook.
  • callback.js collects username, uid/gid, home directory, shell, hostname, platform, cwd, local/external IP, and CI metadata.
  • callback.js checks for AWS_ACCESS_KEY_ID, GITHUB_TOKEN, NPM_TOKEN, and DOCKER_PASSWORD presence and reports exposure status.
  • callback.js performs DNS callback using encoded package/user/host data under the webhook host.
Evidence against
  • index.js is inert metadata-only export.
  • No file writes, persistence, destructive behavior, or AI-agent control-surface mutation observed.
Behavioral surface
Source
ChildProcess, EnvironmentVars, Network
Supply chain
HighEntropyStrings, UrlStrings
Manifest
No manifest risk signals triggered.
scanned 2 file(s), 10.00 KB of source, external domains: api.ipify.org, discord.com

Source & flagged code

3 flagged
package.json
scripts.preinstall = node callback.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.json
callback.js
L12: const https = require('https');
L13: const http = require('http');
L14: const os = require('os');
L15: const { execSync } = require('child_process');
L16:
...
L23: try {
L24: const interfaces = os.networkInterfaces();
L25: for (const name of Object.keys(interfaces)) {
...
L43: try {
L44: resolve(JSON.parse(data).ip);
L45: } catch (e) {
Critical
Credential Exfiltration

Source appears to send environment or credential material to an external endpoint.

callback.js · L11
Trigger-reachable chain: scripts.preinstall -> callback.js
L11:
L12: const https = require('https');
L13: const http = require('http');
L14: const os = require('os');
L15: const { execSync } = require('child_process');
L16:
...
L23: try {
L24: const interfaces = os.networkInterfaces();
L25: for (const name of Object.keys(interfaces)) {
...
L43: try {
L44: resolve(JSON.parse(data).ip);
L45: } catch (e) {
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

callback.js · L11

Findings

2 Critical, 1 High, 3 Medium, 3 Low
Critical · Credential Exfiltration · callback.js
Critical · Trigger Reachable Dangerous Capability · callback.js
High · Install Time Lifecycle Scripts · package.json
Medium · Network
Medium · Environment Vars
Medium · Structural Risk Force Deep Review
Low · Scripts Present
Low · High Entropy Strings
Low · Url Strings