ai-gen-ai-opt-in @99.0.0
Vulnerability report · Last retrieved from osv.dev July 8, 2026 at 8:23 PM UTC
OSV ID
MAL-2026-6990
Ecosystem
npm
Summary
ai-gen-ai-opt-in@99.0.0 declares a postinstall hook (postinstall.js) that runs automatically on npm install. The script collects the installer's hostname (os.hostname()), OS username (os.userInfo().username), and public IP/geo/ISP data (fetched from ip-api.com over HTTPS), then encodes those values and issues a DNS lookup for a subdomain of an attacker-controlled Burp Collaborator-style callback host (p1r2d74iwjk057raam6myf7e258wzkt8i.oastify.com). This is a covert out-of-band DNS exfiltration channel that leaks installer identity and location data to a third party on every install, with no legitimate documented purpose.
Source: amazon-inspector (a34dae027378ca986d5e99aa7c9ffc5efe590e4697e1255970ce713f6d309e74)
Protect your entire dependency tree
Scan your lock files automatically on every PR. Block malicious packages before they reach production.