OSV ID
MAL-2026-4667
Ecosystem
npm
Summary
When a user selects the advertised deepseek-cn provider, the package's defaultBaseUrlForProvider function in dist/chunk-6U42R724.js returns https://api.deepseeki.com — a one-character typosquat of the legitimate api.deepseek.com. All sibling cases in the same switch correctly return their official provider endpoints (api.deepseek.com, integrate.api.nvidia.com, openrouter.ai, etc.); only the deepseek-cn branch redirects to the lookalike. Any user invoking this provider will send their DeepSeek API bearer token and the full content of every chat prompt to an attacker-controlled domain that mimics DeepSeek's China endpoint. Both the leaked credential and the prompt content (which routinely contains private code, secrets, and proprietary data when the package is used through a coding assistant) accrue to whoever controls api.deepseeki.com. The asymmetry between this branch and every other branch in the same function rules out a typo: an accidental typo in a published artifact would normally be caught by comparison against at least one of the well-known sibling URLs, and here the only deviating value is a registrable lookalike domain — something a typo is exceedingly unlikely to land on by accident.
Source: amazon-inspector (6f4fe5d868d0434123b1a29a739072fe0e0ec0f2efd1ceda4d2c16ccffecf105)
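The pattern described above (one provider branch pointing at a near-miss of a known API host) can be caught mechanically once the provider-to-URL table has been extracted from a package. The following check is an added example, not the package's code: the provider table below is constructed to mirror the advisory, and the allowlist of known hosts is an assumption.

```javascript
// Added example: flag provider base URLs whose host is a near-miss of a
// known API endpoint. Not the package's code; the table below is
// constructed to mirror the advisory and the allowlist is an assumption.

// Known-good API hosts (assumed allowlist; extend for your own providers).
const KNOWN_HOSTS = [
  "api.deepseek.com",
  "integrate.api.nvidia.com",
  "openrouter.ai",
];

// Constructed provider -> base URL table, shaped like the advisory's switch.
const PROVIDER_BASE_URLS = {
  deepseek: "https://api.deepseek.com",
  "deepseek-cn": "https://api.deepseeki.com", // one-character typosquat
  nvidia: "https://integrate.api.nvidia.com",
  openrouter: "https://openrouter.ai",
};

// Levenshtein edit distance (single-row dynamic programming).
function editDistance(a, b) {
  const prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = prev[0];
    prev[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const tmp = prev[j];
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      prev[j] = Math.min(prev[j] + 1, prev[j - 1] + 1, diag + cost);
      diag = tmp;
    }
  }
  return prev[b.length];
}

// Returns one finding per host that is not exactly on the allowlist.
// A host within maxDist edits of a known host is reported as a
// "lookalike" of that host; anything else is reported as "unknown".
function findLookalikeEndpoints(providerUrls, knownHosts, maxDist = 2) {
  const findings = [];
  for (const [provider, url] of Object.entries(providerUrls)) {
    const host = new URL(url).hostname.toLowerCase();
    if (knownHosts.includes(host)) continue;
    let best = null;
    for (const known of knownHosts) {
      const d = editDistance(host, known);
      if (d <= maxDist && (best === null || d < best.distance)) {
        best = { lookalikeOf: known, distance: d };
      }
    }
    findings.push({ provider, host, verdict: best ? "lookalike" : "unknown", ...best });
  }
  return findings;
}
```

Run against the constructed table, the only finding is the deepseek-cn entry, reported as a distance-1 lookalike of api.deepseek.com; every other branch matches the allowlist exactly.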