layerd-unit-codec-parser @2.0.0
Vulnerability report · Last retrieved from osv.dev July 10, 2026 at 1:30 AM UTC
OSV ID
MAL-2026-6578
Ecosystem
npm
Summary
The package presents itself as a CSS selector parser (src/selector-parser.js re-exports postcss-selector-parser; keywords postcss/selector/parser/css), but its main module also exposes run / runDefaultDecodedFunction / finalFinalDecodeAndRun. src/config/defaults.js ships an ~10KB opaque AES-GCM ciphertext (DEFAULT_FINAL_ENCODED_TEXT) alongside a hardcoded passphrase ("default-dev-passphrase"); src/aes/aes-gcm.js uses base64 Buffer decoding and scrypt to derive the key, decrypts the blob, and src/pipeline/custom-codec-pipeline.js invokes the plaintext as code through new Function("require", runnable)(require), granting the smuggled bytes full Node require/process capabilities. The package's own runtime/lib.min.js calls require("../src").run(), and package.json scripts (start, decode, test:cjs) plus a root cjs-runner.js funnel into the same decrypt-and-execute path. None of this is documented in the README, which describes only selector parsing and encode/decode helpers. A consumer who installs the package and runs the advertised npm start / decode scripts, or who imports and calls run(), executes the hidden payload. The combination of an opaque encrypted executable shipped in the tarball, a hardcoded key that makes the ciphertext functionally equivalent to shipping the code while evading source review, and an undocumented entry point that invokes it with full Node capabilities is a backdoor pattern. The postcss-selector-parser API mimicry increases the chance of the hidden run() path being reached.
Source: amazon-inspector (ca65bb450fc2f4d4596fbcc2ddd81af358c2d02f94d965b18e532d8afa62ef5f)
Protect your entire dependency tree
Scan your lock files automatically on every PR. Block malicious packages before they reach production.