cppt-common @13.1.1
Vulnerability report · Last retrieved from osv.dev July 15, 2026 at 7:51 AM UTC
OSV ID
MAL-2026-10632
Ecosystem
npm
Summary
cppt-common@13.1.1 declares a preinstall hook ("preinstall": "node index.js") that runs automatically on npm install. index.js collects host and user identifiers — os.hostname(), os.userInfo(), the output of whoami and id via child_process.exec, platform/arch/memory, cwd, homedir, and shell — and POSTs the collected JSON to a hardcoded endpoint at https://mj9yg25wm8m4vnkrrok8lwcogfm6awyl.oastify.com/detox56. The oastify.com host is a Burp Collaborator out-of-band callback domain used for exfiltration. The package has empty description and author fields and provides no advertised functionality; its only install-time effect is the reconnaissance beacon.
Source: amazon-inspector (484688d5963a9246f4fe7a2b5c1c7ebe6bba135a2a5df66b3ab57f44978407b2)
Protect your entire dependency tree
Scan your lock files automatically on every PR. Block malicious packages before they reach production.