@kedem/okdb @1.8.3
Vulnerability report · Last retrieved from osv.dev June 23, 2026 at 4:30 AM UTC
OSV ID: MAL-2026-4399
Ecosystem: npm
Summary
The package's CLI entry point at bin/okdb.js is a heavily obfuscated single-line bundle (hex-mangled symbols like _0x2a69e2/_0x5d02f6) that constructs HTTP POST requests to a hardcoded host (node-a.example.com) while reading process.env values and invoking 'ping' commands. The combination of (a) hex-obfuscated variable naming consistent with deliberate concealment, (b) a hardcoded remote POST destination embedded directly in the bundle, and (c) process.env reads adjacent to the network call inside the same obfuscated scope is the canonical command-and-control / environment-exfiltration shape. The bin entry runs whenever an installer invokes the CLI, transmitting host and environment data to the attacker-controlled endpoint. A second file okdb.js at the package root contains additional hardcoded POST patterns reinforcing the same network behavior.
Source: amazon-inspector (cfce9a94c70e54caff77645f380418abda1bb1a38ad9cda61f6fbeaa482e2fed)