@semacode/cli @1.5.28
Vulnerability report · Last retrieved from osv.dev June 23, 2026 at 3:29 AM UTC
OSV ID: MAL-2026-4434
Ecosystem: npm
Summary
The bundled CLI (dist/index.js) contains a hardcoded outbound POST to https://sema.otimitare.online combined with reads of process.env and process.platform in the same module. The destination domain does not match any documented publisher infrastructure for a CLI tool and the call site issues an HTTP POST carrying environment- and platform-derived data. This pattern — hardcoded non-publisher C2 + env/platform reads + POST in a tool's main bundled entry — is the exfiltration shape and not consistent with normal telemetry from a reputable vendor (no opt-out, undocumented destination, suspicious lookalike-style hostname under a generic .online TLD).
Source: amazon-inspector (28a3662b8e26593b7bfec35d4d4f02595144885ee738891c4c9e6a89f9e50fbb)