getd-typescript-eslint-rules@0.0.1
Vulnerability report · Last retrieved from osv.dev June 23, 2026 at 3:29 AM UTC
OSV ID: MAL-2026-5470
Ecosystem: npm
Summary
On npm install, the postinstall.js script collects the installer's hostname, OS username, platform, current working directory, CI environment markers (CI, BUILD_BUILDID, AGENT_NAME), and package name/version, then sends them as query parameters in an HTTPS GET to a hardcoded webhook.site collector (https://webhook.site/18dc4281-d366-438a-9186-76fbcd56ade5). Errors are swallowed so the install does not fail visibly. The package's own metadata declares it a typosquat targeting @getd/typescript-eslint-rules and frames the beacon as 'defensive security research,' but the on-install behavior identifies any installer (including internal CI build agents) to a third-party endpoint regardless of stated intent.
Source: amazon-inspector (caed4b0db34232c4ef920817b6087cee9ac0610ec4ec2e49edbb5f167342f42f)
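Added example (not part of the OSV record or of the package): a Node.js check that reports where the flagged name and version appear in a parsed npm lockfile, covering both the flat "packages" layout and the older nested "dependencies" layout. The sample lockfile, the demo-app and some-plugin names, and the 2.1.0 version shown for the scoped package are constructed for illustration.

```javascript
// Package name and version taken from the report (MAL-2026-5470).
const FLAGGED = { name: 'getd-typescript-eslint-rules', version: '0.0.1' };

// Lockfile v2/v3 keys look like "node_modules/a/node_modules/b"; the package
// name is whatever follows the last "node_modules/" segment.
function nameFromPath(path) {
  const i = path.lastIndexOf('node_modules/');
  return i === -1 ? '' : path.slice(i + 'node_modules/'.length);
}

// Returns one entry per install location of the flagged package.
function findFlagged(lock) {
  const hits = [];
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = meta.name || nameFromPath(path);
    if (name === FLAGGED.name && meta.version === FLAGGED.version) {
      hits.push({ path, hasInstallScript: meta.hasInstallScript === true });
    }
  }
  // lockfileVersion 1: nested "dependencies" tree, no install-script flag.
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === FLAGGED.name && meta.version === FLAGGED.version) {
        hits.push({ path, hasInstallScript: null });
      }
      walk(meta.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, '');
  return hits;
}

// Constructed sample: the scoped package the typosquat imitates must not match.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/@getd/typescript-eslint-rules': { version: '2.1.0' },
    'node_modules/getd-typescript-eslint-rules': { version: '0.0.1', hasInstallScript: true },
    'node_modules/some-plugin/node_modules/getd-typescript-eslint-rules': { version: '0.0.1', hasInstallScript: true },
  },
};

// For a real project, pass the parsed contents of package-lock.json instead.
console.log(findFlagged(SAMPLE_LOCK));
```

A hit means the postinstall.js beacon ran on any machine that installed from that lockfile with install scripts enabled. Installing with npm's --ignore-scripts option keeps lifecycle scripts such as postinstall from executing.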