data-utils-d703 @1.0.0
Vulnerability report · Last retrieved from osv.dev July 10, 2026 at 1:30 AM UTC
OSV ID
MAL-2026-6112
Ecosystem
npm
Summary
The package declares a postinstall lifecycle hook ("postinstall": "node run.js" in package.json) that executes run.js automatically on install. run.js imports child_process, os, https, and http, calls os.hostname() and os.platform(), and contains multiple POST and GET HTTP request sites. This combination — automatic install-time execution plus host enumeration plus outbound HTTP — is the structural shape of an installer-side exfiltration or dropper, but the specific destinations, payload contents, and execution paths within run.js have not been fully traced, so attacker intent is not confirmed. Manual review of run.js is required to determine whether the network calls target attacker-controlled infrastructure and whether host data is exfiltrated or remote code is fetched and executed.
Source: amazon-inspector (e172168e5ac500d10ae42718a87676ad44a589b31dbeb5f902ea7fb1c4e6a984)
Protect your entire dependency tree
Scan your lock files automatically on every PR. Block malicious packages before they reach production.