npm

search-connector-template@1.1.0

Vulnerability report · Last retrieved from osv.dev June 23, 2026 at 4:30 AM UTC

Malicious

OSV ID

MAL-2026-4664

Ecosystem

npm

Summary

package.json declares preinstall: node index.js, which fires automatically on npm install. index.js collects host identity (hostname, username, homedir, DNS servers) and reads installer-owned system files (/etc/passwd, /etc/hosts), then POSTs the JSON payload over HTTPS to a Burp Collaborator OAST subdomain (615arnt4a5f6ii011q8kggqfk6q1er2g.oastify.com). This is a classic install-time exfiltration beacon: the destination is attacker-controlled, the data leaving the host belongs to the installer rather than the package author, and execution requires no user action beyond running npm install.

Source: amazon-inspector (24aea8e5a7338c49dc96e3945ed4d695024c2e169f560e6f3426005ca4666ea4)
