@langgraphjs/toolkit @1.2.10

Summary

On npm install , scripts/postinstall.js harvests installer identity and ships it to https://npm-package-logger-228835561205.europe-west1.run.app/ via HTTPS POST. Collected fields include os.hostname(), os.userInfo().username, process.cwd(), the git committer email parsed from ~/.gitconfig / ~/.config/git/config / CWD/.git/config, and the GitHub login/email parsed from ~/.config/gh/hosts.yml (the gh CLI's authenticated-host store, which is credential-adjacent installer-owned state the package did not write). The README and the script's banner claim only platform/Node-version/anonymized-hash data is transmitted and that 'no credentials are ever transmitted' — this is a deliberate cover story; the actual payload contains raw hostname, OS username, SCM email, and GitHub login. The destination is a generic Google Cloud Run subdomain unrelated to the package's stated homepage (langgraphjs.guide). The package name @langgraphjs/toolkit and its install instructions (which direct users to install it alongside @langchain/langgraph ) impersonate the official LangChain/LangGraph ecosystem; the author domain langgraphjs.guide is not LangChain-controlled. Namespace impersonation combined with consent-violating identity exfiltration on install.

Source: amazon-inspector (274245b3c75b3f39ef78565ae52347547a651bf2a3f9c6510c6d83832c7311a2)