npm

ai-gen-ai-opt-in @99.0.0

Vulnerability report · Last retrieved from osv.dev July 8, 2026 at 8:23 PM UTC

Malicious

OSV ID

MAL-2026-6990

Ecosystem

npm

Summary

ai-gen-ai-opt-in@99.0.0 declares a postinstall hook (postinstall.js) that runs automatically on npm install. The script collects the installer's hostname (os.hostname()), OS username (os.userInfo().username), and public IP/geo/ISP data (fetched from ip-api.com over HTTPS), then encodes those values and issues a DNS lookup for a subdomain of an attacker-controlled Burp Collaborator-style callback host (p1r2d74iwjk057raam6myf7e258wzkt8i.oastify.com). This is a covert out-of-band DNS exfiltration channel that leaks installer identity and location data to a third party on every install, with no legitimate documented purpose.

Source: amazon-inspector (a34dae027378ca986d5e99aa7c9ffc5efe590e4697e1255970ce713f6d309e74)

Protect your entire dependency tree

Scan your lock files automatically on every PR. Block malicious packages before they reach production.