npm

smb-portal-uikit @18.1.1

Vulnerability report · Last retrieved from osv.dev July 15, 2026 at 3:50 AM UTC

Malicious

OSV ID

MAL-2026-10616

Ecosystem

npm

Summary

Package smb-portal-uikit@18.1.1 declares a preinstall lifecycle hook that runs node index.js . On npm install , index.js invokes child_process.exec on whoami and id , reads os.hostname(), os.userInfo(), process.platform, and process.cwd(), and POSTs the collected host reconnaissance to a hardcoded attacker-controlled endpoint at https://a2dmzqok5w5seb3fac3w4kvcz35utohd.oastify.com (an oastify.com subdomain, a Burp Collaborator out-of-band interaction host commonly used as an exfiltration/beacon sink). The package ships no legitimate UI-toolkit functionality consistent with its name; the entire install-time behavior is reconnaissance and exfiltration.

Source: amazon-inspector (395b88ae26544dcfdfca9d46294e1f0558c2e5bade88bac0eb0797d1140debbe)

Protect your entire dependency tree

Scan your lock files automatically on every PR. Block malicious packages before they reach production.