npm

sso-users-detection @99.9.1

Vulnerability report · Last retrieved from osv.dev July 14, 2026 at 5:45 AM UTC

Malicious

OSV ID

MAL-2026-10422

Ecosystem

npm

Summary

sso-users-detection@99.9.1 is a hollow package (main exports {} , empty author/description, inflated 99.9.1 version) whose sole effect on install is to pull a runtime dependency named ltidisafe from a raw tarball URL on a third-party Google Cloud Storage bucket ( https://ltidi.storage.googleapis.com/depenconf/ltidisafe-3.3.1.tgz ) instead of the npm registry. On npm install , npm fetches and installs that tarball, whose contents and lifecycle scripts (preinstall/install/postinstall) are entirely controlled by whoever owns the bucket and bypass npm registry scanning. The depenconf path segment, the inflated version number, and the empty index are consistent with a dependency-confusion lure whose only purpose is to smuggle attacker-controlled code into installer dependency trees.

Source: amazon-inspector (dc80441472ec24451f83aebdc186d5bc532ddadaac8888d3d30b72c17c94f993)

Protect your entire dependency tree

Scan your lock files automatically on every PR. Block malicious packages before they reach production.