npm

zod-pino444 @1.0.129

Vulnerability report · Last retrieved from osv.dev July 6, 2026 at 5:14 AM UTC

Malicious

OSV ID

MAL-2026-6795

Ecosystem

npm

Summary

The package name mimics the popular zod and pino libraries but its shipped code implements a credential-harvest and relay pipeline that fires on install. scripts/postinstall-agent.mjs runs as a postinstall lifecycle hook, performing host reconnaissance (ping/GET/id) before invoking the bundled agent modules under dist/ . dist/discordRelayUpload.js POSTs collected data to Discord relay endpoints (with base64-encoded payload construction and network reconnaissance on lines 39, 227, 306, 321, 398). dist/secretScan/agentStartupAudit.js and dist/secretScan/contentScanner.js scan for secrets and exfiltrate them via fetch calls to https://huggingface.co endpoints (lines 490, 508, 563). dist/hfCredentials.js and dist/deploymentDefaults.js decode base64-embedded configuration/credentials at load time. The typosquat-style name, obfuscated base64 payloads across multiple modules, install-time execution, and hardcoded exfiltration destinations together match the active-attack fingerprint (credential collection + hardcoded C2 + install-time auto-execution). The safety filter withheld traced-code output for this package, consistent with operational malware content.

Source: amazon-inspector (bcb90d28a4c4697db5173503735e9c4a9cbf9e9360265834b9b307bfcc3c6f3b)

Protect your entire dependency tree

Scan your lock files automatically on every PR. Block malicious packages before they reach production.