npm

simplisafe-gatsby@1.0.1

Vulnerability report · Last retrieved from osv.dev June 24, 2026 at 12:37 PM UTC

Malicious

OSV ID

MAL-2026-6379

Ecosystem

npm

Summary

On npm install, the package's preinstall hook (package.json declares "preinstall": "node index.js") executes index.js, which collects the installer's hostname, username, home directory, DNS configuration, package metadata, and the contents of /etc/passwd and /etc/hosts (via fs.readFileSync), then POSTs the collected data over HTTPS to a Burp Collaborator subdomain at xpqamgvad3ok4bc11xar5t7q8he820qp.oastify.com. The package has no advertised functionality (empty author, empty description, single recon payload file) and its name is consistent with a dependency-confusion attempt against SimpliSafe's internal Gatsby package namespace. Any machine that runs npm install against this name will leak system identity and local-account information to the attacker.

Source: amazon-inspector (564baff2e47527f159c52c527e1ea2b93d73625f94737f4397cff99311871a18)
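
The install-time traits described in the summary (a preinstall hook combined with an empty author and description) can be checked from a package.json before anything is installed. The following is an added example, not code from the package or from osv.dev; the function names, verdict labels and both sample manifests are constructed.

```javascript
// Added example: manifest triage for the traits described in the report above.
// Function names, verdict labels and sample manifests are constructed.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Lifecycle scripts that npm runs automatically during `npm install`.
function installHooks(manifest) {
  const scripts = manifest.scripts || {};
  return INSTALL_HOOKS
    .filter((name) => typeof scripts[name] === "string" && scripts[name].trim() !== "")
    .map((name) => ({ name, command: scripts[name].trim() }));
}

// npm allows `author` as a string or as an object with a `name` field.
function isBlank(value) {
  if (value && typeof value === "object") return isBlank(value.name);
  return typeof value !== "string" || value.trim() === "";
}

// Returns { verdict, hooks, reasons } for one package.json given as text.
function triageManifest(manifestText) {
  const manifest = JSON.parse(manifestText);
  const hooks = installHooks(manifest);
  const reasons = hooks.map((h) => `${h.name} hook runs "${h.command}"`);
  if (isBlank(manifest.author)) reasons.push("author is empty");
  if (isBlank(manifest.description)) reasons.push("description is empty");
  const anonymous = isBlank(manifest.author) && isBlank(manifest.description);
  let verdict = "no-install-hooks";
  if (hooks.length > 0) verdict = anonymous ? "review-before-install" : "has-install-hooks";
  return { verdict, hooks, reasons };
}

// Constructed manifest shaped like the one the report describes.
const SAMPLE_SUSPECT = JSON.stringify({
  name: "simplisafe-gatsby", version: "1.0.1", description: "", author: "",
  scripts: { preinstall: "node index.js" },
});
// Constructed manifest for an ordinary package with no install-time scripts.
const SAMPLE_BENIGN = JSON.stringify({
  name: "example-lib", version: "2.3.0", description: "String helpers",
  author: { name: "Example Maintainer" }, scripts: { test: "node test.js" },
});

console.log(triageManifest(SAMPLE_SUSPECT));
console.log(triageManifest(SAMPLE_BENIGN));
```

Installing with npm's --ignore-scripts option prevents lifecycle hooks such as preinstall from running at all.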
