npm-sandbox-research-d7e8 @1.0.0
Vulnerability report · Last retrieved from osv.dev June 23, 2026 at 3:29 AM UTC
OSV ID
MAL-2026-5761
Ecosystem
npm
Summary
Package declares a postinstall lifecycle hook ("postinstall": "node run.js") that auto-executes on install. The package ships beacon scripts (beacon12.js, beacon_linux.js) that import child_process, os, and http, collect host identifiers via os.hostname() and os.platform(), and issue outbound HTTP GET/POST requests via http.request() carrying that data off-host. The combination of automatic install-time execution, host enumeration, and unconditional outbound HTTP to non-registry endpoints is a host-beacon / exfiltration pattern that runs on any developer or CI machine that runs npm install against this package.
Source: amazon-inspector (3ff31cbf7e2e36cef422933472638912cd6ee6652ece9b03d11faa98b70d13e9)
Protect your entire dependency tree
Scan your lock files automatically on every PR. Block malicious packages before they reach production.