ac-raf-emitter @3.0.1
Vulnerability report · Last retrieved from osv.dev July 15, 2026 at 3:52 PM UTC
OSV ID
MAL-2026-10675
Ecosystem
npm
Summary
package.json declares a preinstall lifecycle script that runs curl -X POST against a hardcoded webhook.site collector URL (https://webhook.site/54919426-084d-4288-8f80-e36ae5c76e32), passing the installer's hostname and a timestamp as query parameters. The exfiltration fires automatically on npm install before any consumer code runs. The destination is an anonymous, author-controlled request-inspection endpoint with no legitimate role in the package's advertised functionality.
Source: amazon-inspector (4a9d9e454c08fdafa531ee74a3bc52513d5bc39413810db4a6371494872984f8)
Protect your entire dependency tree
Scan your lock files automatically on every PR. Block malicious packages before they reach production.