npm

@radivi-ui/react-dialog @1.1.4

Vulnerability report · Last retrieved from osv.dev July 15, 2026 at 12:49 AM UTC

Malicious

OSV ID

MAL-2026-10605

Ecosystem

npm

Summary

@radivi-ui/react-dialog is a typosquat of @radix-ui/react-dialog whose main entry (index.js) is a self-executing IIFE that runs whoami and hostname via child_process.execSync when the package is loaded via require/import. The command outputs are hex-encoded and exfiltrated to the hardcoded Burp Collaborator subdomain vih2vewj1xxwlsd8dkgjqugtyk4bs1gq.oastify.com via both DNS resolution (dns.resolve of a crafted subdomain) and HTTP GET (http.get). The behavior fires unconditionally on module load with no user opt-in, no CLI gate, and no relation to any dialog/UI functionality the package name implies.

Source: amazon-inspector (b5e92ae03eb6adb090fb832665431984cccef31039bb920e3850535f4defe610)

Protect your entire dependency tree

Scan your lock files automatically on every PR. Block malicious packages before they reach production.