npm

test-pkg-pnpm@1.0.4

Vulnerability report · Last retrieved from osv.dev July 2, 2026 at 1:05 AM UTC

Malicious

OSV ID

MAL-2026-6716

Ecosystem

npm

Summary

On npm install, the package's postinstall script (node demo-clean.js) auto-executes two installer-side actions without consent.

First, openDemo() platform-branches via execSync to open https://github.com/X3r0Day/BunnyHijack in the installer's default browser and to spawn the OS calculator (calc on Windows, open -a Calculator on macOS, gnome-calculator / kcalc on Linux) — the canonical calc.exe proof of unauthenticated code execution on the installer's host.

Second, cleanup() walks every ancestor directory of INIT_CWD, process.cwd(), and the user's home directory, calling fs.rmSync(..., {recursive: true, force: true}) against paths inside each ancestor's node_modules, node_modules/.pnpm, node_modules/.bin/node* shims, ~/.npm/_npx, ~/.bun/install/cache, and tmpdir entries; cleanupPackageJson() then reads each ancestor package.json and rewrites it via fs.writeFileSync after deleting matching entries from dependencies, devDependencies, optionalDependencies, and peerDependencies.

The destructive recursive-force-rm operates well outside the package's own directory and reaches the user's home tree, and the spawned-process primitive can be retargeted to any binary in a future release.

Source: amazon-inspector (ae5df84cbdf3092d5f7b8f405248144eacdf5119c756c97726974e547810ebec)
