MAL-2026-10208

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@meziizana/frontend-logger/MAL-2026-10208.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-10208
Published
2026-07-12T20:49:38Z
Modified
2026-07-12T21:31:53.495760806Z
Summary
Malicious code in @meziizana/frontend-logger (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (a7d77255cb713e19b9560cc339e937518fdbfb49ab048d9d5a65ad81c1309a9a)

package.json declares a preinstall lifecycle script that runs wget against https://webhook.site/f164a383-b9e7-4379-b18c-38bf41a3c152/ with query parameters carrying the installer's username ($(whoami)), current working directory ($(pwd)), and hostname ($(hostname)). This fires automatically on npm install with no user consent and sends installer-identifying reconnaissance data to a third-party collection endpoint. webhook.site is a public request-inspection service commonly abused as a low-effort exfiltration sink; the destination is not tied to any legitimate build or install task.

Database specific
{
    "malicious-packages-origins": [
        {
            "versions": [
                "10.0.0"
            ],
            "id": "IN-MAL-2026-009765",
            "import_time": "2026-07-12T21:20:01.52792836Z",
            "modified_time": "2026-07-12T20:49:38Z",
            "sha256": "a7d77255cb713e19b9560cc339e937518fdbfb49ab048d9d5a65ad81c1309a9a",
            "source": "amazon-inspector"
        }
    ]
}
References
Credits

Affected packages

npm / @meziizana/frontend-logger

Package

Name
@meziizana/frontend-logger
View open source insights on deps.dev
Purl
pkg:npm/%40meziizana/frontend-logger

Affected ranges

Affected versions

10.*
10.0.0

Database specific

indicators
{
    "evidence_files": [
        {
            "tlsh": "57f04cfb8628be53192687b025b1e24ef143f72f84765f2efcb72356106d8e02059b40",
            "sha256": "249cc0ba971b41a9a06232bf5672e394a8559d54d12de59ae33bbbfd3faf355c",
            "path": "package.json"
        }
    ],
    "package_integrity": [
        {
            "filename": "frontend-logger-10.0.0.tgz",
            "hashes": {
                "sha512_sri": "sha512-XmaqpVEs2GpegaBZEjLnPw7eGOhCLZNSZd592SHPiG9BdKwvpk4mxOGZmQ81P1ZZxq0t8ce7ML14Xw9lcrtX/g==",
                "sha1": "d6c196486ec3c854b6464e7dc65fd80f20bd008b"
            }
        }
    ]
}
cwes
[
    {
        "cweId": "CWE-506",
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature."
    }
]
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@meziizana/frontend-logger/MAL-2026-10208.json"