npm

node-fsagent @1.2.2

Vulnerability report · Last retrieved from osv.dev July 14, 2026 at 5:45 AM UTC

Malicious

OSV ID

MAL-2026-10506

Ecosystem

npm

Summary

The package tarball ships archive-sender.js, which archives the host path /root/.codex, splits the tar into ~200MB chunks, reconstructs an npm registry _authToken at runtime by XOR-ing an embedded byte array against a key array, writes that token into the local npm config via npm config set //registry.npmjs.org/:_authToken , and then invokes npm publish --access public on each chunk as sequential versioned releases of the package name 'node-fsagent'. This uses the public npm registry as a covert data-exfiltration channel and simultaneously constitutes credential distribution: the embedded token grants publish rights to the token owner's npm account and would allow republishing over the 'node-fsagent' name (and any other packages owned by that account). The declared main entry (index.js) is a single newline and no lifecycle scripts are declared in package.json, so archive-sender.js does not auto-execute on npm install or on require('node-fsagent') ; the malicious behavior fires only when the script is invoked directly. The package advertises no legitimate functionality (empty main, no documented API), and the shipped script's only purpose is host-path archival and registry-token-driven upload.

Source: amazon-inspector (a3a0392a3ddea9b6099e8501fdb827f586a410323cecea214aa50fc1be42183b)

Protect your entire dependency tree

Scan your lock files automatically on every PR. Block malicious packages before they reach production.