ts-linter-builders @1.0.4
Vulnerability report · Last retrieved from osv.dev June 23, 2026 at 3:29 AM UTC
OSV ID
MAL-2026-6195
Ecosystem
npm
Summary
index.js imports child_process and contains a hardcoded outbound POST to https://tg-wallet-manager.vercel.app, with additional fetch() calls to the same destination. The code reads environment data and host identifiers and ships them to this attacker-controlled endpoint. The package name advertises a TypeScript linter helper, but the embedded behavior is unrelated to linting and matches the shape of a credential/host-info beacon. The hardcoded third-party Vercel-hosted endpoint, combined with environment reads and child_process import, constitutes an installer-side exfiltration / RCE staging surface with no legitimate purpose for a 'linter builder' package.
Source: amazon-inspector (a22153f1e71ba9fb51ce22d5fc57180ce4d8998995fbc4bd554d6dd532c195b6)
Protect your entire dependency tree
Scan your lock files automatically on every PR. Block malicious packages before they reach production.