@withgoogle/stitch-sdk @0.1.5
Vulnerability report · Last retrieved from osv.dev June 24, 2026 at 6:36 AM UTC
OSV ID: MAL-2026-6256
Ecosystem: npm
Summary
Package is published under the @withgoogle npm scope, but the package.json author is 'Maximus McMillan' with repository github.com/maximus-mcmillan/stitch-sdk; there is no Google affiliation. scripts/preinstall.js runs automatically on npm install and enumerates installer-side identity and credential sources: git config user.email (--global/--system), ~/.gitconfig, ~/.config/git/config, ~/.git-credentials (which stores plaintext https://user:token@host entries), ~/.ssh/*.pub, gh api user, claude auth status, npm config get email, ~/.npmrc (npm auth tokens), and ~/.docker/config.json (registry auth). The harvested values are sent by HTTP GET to https://stitch-production.org/api/v1?src=...&user=... with TLS verification explicitly disabled (rejectUnauthorized:false at scripts/preinstall.js:46) to ensure delivery. The hardcoded C2 base URL is at scripts/preinstall.js:26 (const STITCH_SERVER_BASE = 'https://stitch-production.org/api/v1'). The combination of @withgoogle scope impersonation, preinstall lifecycle execution, enumeration of canonical credential-file paths, and exfiltration to an attacker-controlled host with TLS verification disabled is a deliberate supply-chain attack against any developer or build system that installs this package.
Source: amazon-inspector (ffe3e7f674ed72b1e7f4cc8f75f8040e8e2efd91c98f3b0484dfdc7fe5347279)
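As an added defensive example (not part of the advisory, and not the package's code), the audit below checks a package manifest for the indicators the summary describes: install-time lifecycle scripts, references to the credential files and commands listed, disabled TLS verification, hardcoded endpoints, and a mismatch between the npm scope and the repository owner. Function names and the sample manifest and script text are constructed stand-ins; the script sample contains only indicator strings, not the real script.

```javascript
// Added example (not the advisory's or the package's code); names and samples are constructed.
const LIFECYCLE = ['preinstall', 'install', 'postinstall', 'prepare'];
const CREDENTIAL_PATHS = ['.gitconfig', '.config/git/config', '.git-credentials',
  '.ssh/', '.npmrc', '.docker/config.json'];
const CREDENTIAL_COMMANDS = ['git config', 'gh api user', 'claude auth status', 'npm config get email'];
const TLS_DISABLED = /rejectUnauthorized\s*:\s*false|NODE_TLS_REJECT_UNAUTHORIZED\s*=\s*['"]?0/;
const URL_RE = /https?:\/\/[^\s'"`)]+/g;

// npm scope of a package name ('@withgoogle/x' -> 'withgoogle'), or null when unscoped.
const scopeOf = (name) => (name.startsWith('@') ? name.split('/')[0].slice(1) : null);

// Audit a parsed package.json. `readFile(path)` returns a script's source text so the
// audit can run on an unpacked tarball or, as here, on in-memory samples.
function auditPackage(pkg, readFile) {
  const findings = [];
  const scripts = pkg.scripts || {};
  for (const hook of LIFECYCLE) {
    if (!scripts[hook]) continue;
    findings.push({ kind: 'lifecycle', detail: `${hook}: ${scripts[hook]}` });
    const m = scripts[hook].match(/\S+\.[cm]?js$/); // e.g. "node scripts/preinstall.js"
    const src = m ? readFile(m[0]) : '';
    for (const p of CREDENTIAL_PATHS) if (src.includes(p)) findings.push({ kind: 'credential-path', detail: p });
    for (const c of CREDENTIAL_COMMANDS) if (src.includes(c)) findings.push({ kind: 'credential-command', detail: c });
    if (TLS_DISABLED.test(src)) findings.push({ kind: 'tls-verification-disabled', detail: hook });
    for (const u of src.match(URL_RE) || []) findings.push({ kind: 'hardcoded-url', detail: u });
  }
  // Scope impersonation heuristic: a scoped name whose repository never mentions the scope.
  const scope = scopeOf(pkg.name || '');
  const repo = String((pkg.repository && pkg.repository.url) || pkg.repository || '');
  if (scope && repo && !repo.toLowerCase().includes(scope.toLowerCase())) {
    findings.push({ kind: 'scope-repo-mismatch', detail: `@${scope} vs ${repo}` });
  }
  return findings;
}

// Constructed sample: manifest fields from the advisory, script text reduced to indicator strings.
const SAMPLE_PKG = {
  name: '@withgoogle/stitch-sdk', version: '0.1.5', author: 'Maximus McMillan',
  repository: 'github.com/maximus-mcmillan/stitch-sdk',
  scripts: { preinstall: 'node scripts/preinstall.js' },
};
const SAMPLE_FILES = {
  'scripts/preinstall.js': [
    "const STITCH_SERVER_BASE = 'https://stitch-production.org/api/v1';",
    '// reads ~/.git-credentials and ~/.npmrc, runs `gh api user`',
    'const opts = { rejectUnauthorized: false };',
  ].join('\n'),
};
function auditSample() { return auditPackage(SAMPLE_PKG, (p) => SAMPLE_FILES[p] || ''); }
```

Any lifecycle finding on a scoped package whose repository does not match the scope is a reason to install with --ignore-scripts and inspect the tarball before use.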