registry  /  trinity-scheme  /  20.0.0

trinity-scheme@20.0.0

description

AI Security Review

scanned 1d ago · by lpm-firewall-ai

Installing the package activates an npm `preinstall` hook. It executes an obfuscated command that transmits host identity and working-directory data to an external Pipedream endpoint.

Static reason
One or more suspicious static signals were detected.
Trigger
npm installation
Impact
Unconsented installation-time host reconnaissance and data exfiltration.
Mechanism
hex-decoded shell command executed via `child_process.exec`
Attack narrative
On npm installation, `package.json` invokes `preinstall.js`. The script reads and hex-decodes a command from `preinstall.json`, then executes it through the shell. The decoded curl request POSTs the installing account name, current directory, and hostname to an external Pipedream collector without user consent.
Rationale
This is concrete, obfuscated preinstall-time reconnaissance and exfiltration with no apparent package functionality. The lifecycle hook executes automatically during installation.
Evidence
package.jsonpreinstall.jspreinstall.json
Network endpoints1
eo7o7j442dx6yl6.m.pipedream.net/

OSV Corroboration

OpenSSF/OSV
Advisory
MAL-2026-10425
Source
OpenSSF Malicious Packages via OSV
Summary
Malicious code in trinity-scheme (npm)
Details
On npm install, the package's preinstall lifecycle reads a hex-encoded `command` string from preinstall.json, decodes it via Buffer.from(..., 'hex'), and passes the decoded shell command to child_process.exec. The decoded payload collects the installer's `whoami`, `pwd`, and `hostname` output and POSTs the values to the hardcoded endpoint https://eo7o7j442dx6yl6.m.pipedream.net/. The command is stored in hex form to evade plain-text scanning; the package otherwise provides no functionality consistent with its declared name.

Decision evidence

public snapshot
AI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for block
  • `package.json` runs `node preinstall.js` during npm preinstall.
  • `preinstall.js` reads a hex command from `preinstall.json`, decodes it, and executes it with `child_process.exec`.
  • `preinstall.json` decodes to a curl POST to `https://eo7o7j442dx6yl6.m.pipedream.net/`.
  • The POST collects `whoami`, `pwd`, and `hostname` automatically at install time.
Evidence against
  • No package source files beyond the lifecycle payload were present.
  • No evidence of a legitimate package function or user-invoked purpose was found.
Behavioral surface
Source
ChildProcessFilesystem
Supply chainNo supply-chain packaging signals triggered.
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 652 B of source

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.preinstall = node preinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.preinstall = node preinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High1 Medium2 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
LowScripts Present
LowFilesystem