-= Per source details. Do not edit below this line.=-
The package exposes a method queryDBConnect that performs an HTTP GET against a URL stored as a base64-encoded constant (HASH_KEY) decoded at runtime via atob(). The decoded endpoint is https://api.jsonsilo.com/public/bbc58e47-8c79-4653-ab75-d94e69230854, a third-party JSON-hosting service whose content is mutable by whoever controls the record. The fetched JavaScript source is passed to Node's internal Module._compile as "errorcheck.js", loading and executing attacker-controlled code in the installer's process. A database connector library has no functional need to load remote code, and hiding the endpoint behind base64 obfuscation is characteristic of evasion rather than legitimate configuration.
{
"malicious-packages-origins": [
{
"modified_time": "2026-07-15T07:55:37Z",
"source": "amazon-inspector",
"import_time": "2026-07-15T08:51:04.457747549Z",
"versions": [
"1.0.1"
],
"id": "IN-MAL-2026-010624",
"sha256": "e23c446b06120537793ebc07d748d8de5334ae4ec6779bda5368885c72216e81"
}
]
}{
"package_integrity": [
{
"filename": "dbconnectify-1.0.1.tgz",
"hashes": {
"sha512_sri": "sha512-rpb4E5PSdiKf63f9CcaeyYvaBwsms4TFjBcSgAOArOjCqTfKCReOUiTds6tx+FpRwHJVUIla3XwYISWWzB15Og==",
"sha1": "f2097afd7705f946c7ed145157ee458834649910"
}
}
],
"evidence_files": [
{
"tlsh": "ea822e0637f72527017b7064a6cb4080a439f41b2b35d964be5cc6b15fa87b8ada37d8",
"path": "index.js",
"sha256": "ae4e914eca8211e8837642a52e8bc616b8f6d7de05585213d09a3be18e1c06cf"
}
]
}
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/dbconnectify/MAL-2026-10669.json"
[
{
"name": "Embedded Malicious Code",
"description": "The product contains code that appears to be malicious in nature.",
"cweId": "CWE-506"
}
]