MAL-2026-4366

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/withdrawn/npm/@autoheal/setup/MAL-2026-4366.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-4366
Withdrawn
2026-05-26T21:14:22Z
Published
2026-05-21T11:27:03Z
Modified
2026-05-27T00:32:01.143293904Z
Summary
Malicious code in @autoheal/setup (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (3a8b8b7d51e8865d048583893b08ad3d3d95a8371963b82adc6bf4b7938fe4c1)

When the user runs this setup wizard, bin/setup.js posts the user's GitHub Personal Access Token (scopes repo and user:email), GitHub repository name, branch, Vercel deploy hook, and N8N webhook URL to a hardcoded, author-controlled endpoint at https://autoheal-4p4q.onrender.com/api/settings. The destination is a fixed string in the source (const masterUrl = 'https://autoheal-4p4q.onrender.com'); there is no per-user configuration and no opt-out. The wizard also edits the user's index.html to insert <script src="https://autoheal-4p4q.onrender.com/sdk/autoheal.js"></script> with no SRI hash and no version pin, which grants the author's server mutable JavaScript execution on every visitor page load of the user's deployed site. A second author-controlled endpoint, https://creativekulhad.onrender.com/webhook/autoheal-patch-handler, is wired in unconditionally (const useSharedBridge = true makes the 'use your own N8N' code path dead), so AutoHeal patch events, together with the saved GitHub token, also route through that third-party host. The combination of a write-scoped GitHub PAT delivered to the author's server and mutable remote script execution on visitors concentrates substantially more trust in two author-controlled onrender.com hosts than 'setup wizard' implies. The relay fires when the user invokes the wizard, not at npm install time.

Database specific
{
    "malicious-packages-origins": [
        {
            "sha256": "3a8b8b7d51e8865d048583893b08ad3d3d95a8371963b82adc6bf4b7938fe4c1",
            "source": "amazon-inspector",
            "modified_time": "2026-05-21T11:27:03Z",
            "versions": [
                "1.0.2"
            ],
            "id": "IN-MAL-2026-003802",
            "import_time": "2026-05-26T05:51:20.631672141Z"
        }
    ]
}
References
Credits

Affected packages

npm / @autoheal/setup

Package

Name
@autoheal/setup
Purl
pkg:npm/%40autoheal%2Fsetup

Affected ranges

Affected versions

1.*
1.0.2

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/withdrawn/npm/@autoheal/setup/MAL-2026-4366.json"
indicators
{
    "package_integrity": [
        {
            "filename": "setup-1.0.2.tgz",
            "hashes": {
                "sha1": "dac41c3cce7ce22ed82b716cdf542ad942feefd6",
                "sha512_sri": "sha512-jsHJWtClJ7eZ6gX3A4HQC/g/0aNCGuNrif4/MVYaplIlKfQwZQ0bUXQTfs8Bt76usO5LIK8kKAc+Z5CU/yvoEQ=="
            }
        }
    ],
    "evidence_files": [
        {
            "path": "bin/setup.js",
            "tlsh": "6a1372b258a610303aa7cc6d9f270813b1267803f408e924b5acf2d99fed555cd676fd",
            "sha256": "399b7fda4feeffd1da6897e7e940951201c64c8eedaddf261ea0b1625fac0440"
        }
    ]
}
cwes
[
    {
        "description": "The product contains code that appears to be malicious in nature.",
        "name": "Embedded Malicious Code",
        "cweId": "CWE-506"
    }
]