npm

@langgraphjs/toolkit @1.2.13

Vulnerability report · Last retrieved from osv.dev July 9, 2026 at 1:25 AM UTC

Malicious

OSV ID

MAL-2026-2509

Ecosystem

npm

Summary

The package's scripts/postinstall.js executes on npm install and collects installer-side identity and cloud/git metadata, then POSTs it as JSON to a hardcoded Google Cloud Run endpoint at npm-package-logger-228835561205.europe-west1.run.app. Collected data includes: git-configured emails from ~/.gitconfig,.git/config, and up to 15 reflog HEAD author emails; GitHub CLI login and email from hosts.yml; SSH public key comments from ~/.ssh/*.pub; GCP project and account identifiers from ~/.config/gcloud/properties; AWS profile names from ~/.aws/config; /etc/resolv.conf search domain; os.hostname(), os.userInfo().username, os.platform(), and cwd; plus parent project package.json details. The package name @langgraphjs/toolkit impersonates the legitimate @langchain/langgraph ecosystem (and the langgraphjs.guide domain referenced in the script), and declares @langchain/langgraph and @langchain/core as dependencies to appear legitimate. Its advertised main entry dist/index.js is not shipped in the tarball — only src/ and scripts/ — so the only code that actually runs on install is the harvester. Behavior is framed as anonymous telemetry/compatibility diagnostics, but the systematic enumeration of ~/.ssh, ~/.aws, ~/.config/gcloud, ~/.gitconfig, and git reflog is credential-adjacent identity theft, not telemetry.

Source: amazon-inspector (8997da61c158afa991f24db840b0117557564c2f3eca4204380b472a35dc811e)

Protect your entire dependency tree

Scan your lock files automatically on every PR. Block malicious packages before they reach production.