giantswarm @22.0.1
Vulnerability report · Last retrieved from osv.dev July 12, 2026 at 11:38 PM UTC
OSV ID
MAL-2026-10203
Ecosystem
npm
Summary
The package declares a preinstall hook ( node index.js ) that runs automatically on npm install . index.js collects host reconnaissance — hostname, platform, arch, home directory, username/uid/gid/shell, whoami , id , and cwd — and POSTs the collected data as JSON to a hardcoded Burp Collaborator subdomain at https://w305i20ui5s5476lc3b998z28tek2bq0.oastify.com/detox56. The package ships with empty description, author, and license fields and no functional code beyond the beacon. The unscoped name giantswarm impersonates the Giant Swarm vendor namespace, consistent with a dependency-confusion attack targeting private @giantswarm/* scopes.
Source: amazon-inspector (75f3a244f2761c56347f695897a491d23ab04cafe1e5b0e46fd7d0d2c993f828)
Protect your entire dependency tree
Scan your lock files automatically on every PR. Block malicious packages before they reach production.