OSV Malicious Advisory
scanned 3h ago · by OpenSSF/OSVOpenSSF/OSV advisory MAL-2026-10616 confirms this npm version as malicious. Package smb-portal-uikit@18.1.1 declares a preinstall lifecycle hook that runs `node index.js`. On `npm install`, index.js invokes child_process.exec on `whoami` and `id`, reads os.hostname(), os.userInfo(), process.platform, and process.cwd(), and POSTs the collected host reconnaissance to a hardcoded attacker-controlled endpoint at https://a2dmzqok5w5seb3fac3w4kvcz35utohd.oastify.com (an oastify.com subdomain, a...
Decision evidence
public snapshotSource & flagged code
3 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgSource gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
index.jsView on unpkg · L1Source fingerprint signature matches a known malicious package signature; route for source-aware review.
index.jsView on unpkg