npm

amdocs-core-package @11.11.11

Vulnerability report · Last retrieved from osv.dev July 14, 2026 at 5:45 AM UTC

Malicious

OSV ID

MAL-2025-6695

Ecosystem

npm

Summary

The package declares a preinstall hook that runs index.js on npm install. index.js requires https and os, reads os.hostname(), and issues an https.request POST to a hardcoded *.oastify.com Burp Collaborator subdomain, additionally embedding the hostname into the DNS label of that subdomain for out-of-band capture. Package metadata is placeholder (empty description and author, version 11.11.11, name shaped like an internal 'amdocs' scope), consistent with a dependency-confusion payload targeting an internal namespace. Installing the package causes the installer's host identifier to leave the machine to an attacker-controlled collaborator domain.

Source: amazon-inspector (1e196068c171b8528ec4f1f0db852ef32a7b530ecce14d79696a21c4f685c2c6)

Protect your entire dependency tree

Scan your lock files automatically on every PR. Block malicious packages before they reach production.