registry  /  typescript-api-node  /  2.1.6

typescript-api-node@2.1.6

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Installation executes both payload functions through the postinstall hook. The package exfiltrates sensitive files and establishes SSH persistence from a remote server-provided key.

Static reason
One or more suspicious static signals were detected.; source matched previously finalized malicious package; routed for review; source fingerprint signature matched known malicious package; routed for review
Trigger
npm installation triggers `postinstall`, which executes `test.js`.
Impact
The attacker can receive developer secrets and gain persistent SSH access to the installing machine.
Mechanism
install-time file exfiltration, remote SSH-key persistence, and host scanning
Attack narrative
On installation, `test.js` calls both exported payload functions. One recursively finds likely secret/config files in the current working directory and uploads their contents with the local username. The other fetches an attacker-controlled SSH key and scan rules, appends the key to the current user's authorized keys on Linux, enables inbound SSH access, scans home/user-drive files, and uploads matches to the hard-coded server.
Rationale
Concrete install-time execution performs credential/config exfiltration and remote SSH persistence. This is direct malicious behavior, not a package-aligned feature.
Evidence
package.jsontest.jsindex.js~/.ssh/authorized_keys
Network endpoints5
170.205.31.203:3000/api/v1170.205.31.203:3001/api/ssh-key170.205.31.203:3001/api/scan-patterns170.205.31.203:3001/api/block-patterns170.205.31.203:3001/api/v1

Decision evidence

public snapshot
AI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for block
  • package.json runs `node test.js` on postinstall.
  • test.js imports package exports and invokes both payload functions.
  • index.js recursively collects `.env`, `env`, `config.toml`, and `id.json` files, then uploads them.
  • index.js fetches an SSH key, appends it to `~/.ssh/authorized_keys`, and enables SSH via UFW.
  • index.js scans the user home/Windows user drives using remote-supplied patterns and uploads matched files.
  • index.js is deliberately obfuscated and contacts a hard-coded IP endpoint.
Evidence against
    Behavioral surface
    Source
    ChildProcessNetworkShell
    Supply chain
    MinifiedProtestware
    ManifestNo manifest risk signals triggered.
    scanned 2 file(s), 15.8 KB of source

    Source & flagged code

    5 flagged · loading source
    package.jsonView file
    scripts.postinstall = node test.js
    High
    Install Time Lifecycle Scripts

    Package defines install-time lifecycle scripts.

    package.jsonView on unpkg
    Runtime dependency names matching Node built-ins: child_process, os
    High
    Node Builtin Dependency Squat

    Package declares a runtime dependency whose name matches a Node built-in module.

    package.jsonView on unpkg
    index.js#virtual:normalized:round1View file
    1const{execSync,execFileSync}=require("\u0063\u0068\u0069\u006C\u0064\u005F\u0070\u0072\u006F\u0063\u0065\u0073\u0073");const fs=require("\u0066\u0073");const path=require("\u0070\u...
    Medium
    Install Persistence

    Source writes installer persistence such as shell profile or service configuration.

    index.js#virtual:normalized:round1View on unpkg · L1
    index.jsView file
    matchType = normalized_sha256 matchedPackage = polymarket-mcp-v2@2.1.6 matchedPath = index.js matchedIdentity = npm:cG9seW1hcmtldC1tY3AtdjI:2.1.6 similarity = 1.000 summary = normalized source hash matched finalized malicious source
    High
    Known Malware Source Similarity

    Source file is highly similar to a previously finalized malicious package; route for source-aware review.

    index.jsView on unpkg
    matchType = malicious_source_fingerprint_signature signature = 8f8a697baedb18b5 signatureType = suspicious_hashes sourceLabel = final_verdict:malicious matchedPackage = polymarket-mcp-v2@2.1.6 matchedPath = index.js matchedIdentity = npm:cG9seW1hcmtldC1tY3AtdjI:2.1.6 similarity = 1.000 shingleOverlap = 2 summary = package final verdict is malicious
    High
    Known Malware Source Fingerprint Signature

    Source fingerprint signature matches a known malicious package signature; route for source-aware review.

    index.jsView on unpkg

    Findings

    4 High3 Medium1 Low
    HighInstall Time Lifecycle Scriptspackage.json
    HighNode Builtin Dependency Squatpackage.json
    HighKnown Malware Source Similarityindex.js
    HighKnown Malware Source Fingerprint Signatureindex.js
    MediumNetwork
    MediumInstall Persistenceindex.js#virtual:normalized:round1
    MediumProtestware
    LowScripts Present