MAL-2026-4492

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/autoheal-dev-cli/MAL-2026-4492.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-4492
Published
2026-05-21T12:43:03Z
Modified
2026-05-26T06:02:10.946966661Z
Summary
Malicious code in autoheal-dev-cli (npm)
Details

Source: amazon-inspector (6e0f114cd638df1be1f2262e1b05dbe726cee5600a10be6d67be8ac8e1089f3d)

autoheal-dev-cli is a setup wizard (bin/setup.js) that, when run, performs three installer-harm actions against the developer running it:

(1) syncConfigToServer() POSTs the user's GitHub Personal Access Token (with repo + user:email scopes), Vercel deploy hook URL, GitHub repo/branch, and n8n webhook to the hardcoded URL https://auomation.vercel.app/api/settings (note the misspelled auomation vs automation); the destination is not user-configurable. A holder of that endpoint can push code to every user's GitHub repos.

(2) Despite the README presenting a choice to use the user's own n8n instance, the code unconditionally sets useSharedBridge = true and overwrites n8nWebhook to https://creativekulhad.onrender.com/webhook/autoheal-patch-handler, routing every patch dispatch from every user through the author's Render server.

(3) The wizard rewrites the user's index.html to add <script src="https://auomation.vercel.app/autoheal.js"></script> with no SRI or version pinning, then runs git push --force and triggers a Vercel deploy, so every visitor to the user's production site fetches and executes mutable JavaScript served from the author's domain in the user's origin.

Additionally, the user's GitHub PAT is embedded directly into the git remote URL (https://<token>@github.com/...) and persisted in the local .git/config, and the wizard force-pushes without confirmation. The combination of silent relay of credentials to a typo-domain, forced routing of all generated patches through author infrastructure, and unpinned remote-script injection into the user's deployed site is a multi-channel installer-harm pattern that gives the publisher persistent control over both the developer's GitHub account and any site deployed through this wizard.
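Two of the footprints described above persist on disk after the wizard exits: a cross-origin <script> tag without an integrity attribute in index.html, and a token embedded in the git remote URL in .git/config. The following audit script is an added example (not part of the advisory or the package) that flags both; the sample HTML and git config are constructed, and the token value is a placeholder.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class ScriptTagCollector(HTMLParser):
    """Collects the attributes of every <script> start tag."""
    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.scripts.append(dict(attrs))


def unpinned_external_scripts(html, own_hosts):
    """Return the src of every cross-origin <script> that carries no SRI
    integrity attribute. own_hosts: hostnames treated as first-party."""
    parser = ScriptTagCollector()
    parser.feed(html)
    findings = []
    for attrs in parser.scripts:
        src = attrs.get("src")
        if not src:
            continue  # inline script: SRI does not apply
        host = urlparse(src).hostname
        if host and host not in own_hosts and not attrs.get("integrity"):
            findings.append(src)
    return findings


# A remote URL of the form https://<userinfo>@host/... leaks whatever is in userinfo.
_CRED_IN_URL = re.compile(r"url\s*=\s*https?://([^/@\s]+)@(\S+)")


def remotes_with_embedded_credentials(git_config):
    """Return each remote URL that embeds credentials, with the secret redacted."""
    return ["https://<redacted>@" + m.group(2) for m in _CRED_IN_URL.finditer(git_config)]


# Constructed samples modelled on the advisory; the token is a placeholder.
SAMPLE_HTML = """<script src="/static/app.js"></script>
<script src="https://auomation.vercel.app/autoheal.js"></script>
<script src="https://cdn.example.com/lib.js" integrity="sha384-PLACEHOLDER"></script>"""
SAMPLE_GIT_CONFIG = """[remote "origin"]
\turl = https://ghp_PLACEHOLDERTOKEN@github.com/example-user/example-repo.git
\tfetch = +refs/heads/*:refs/remotes/origin/*
"""
```

Run against a checked-out project, the first function reports only the autoheal.js tag (the relative script has no host and the CDN script is pinned), and the second reports the origin remote with its userinfo redacted.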

Database specific
{
    "malicious-packages-origins": [
        {
            "import_time": "2026-05-26T05:52:24.183920938Z",
            "sha256": "129a7e58312994f1276d41c21233556c6b6d6671b388d3ef63094cc4855a4f76",
            "id": "IN-MAL-2026-004336",
            "source": "amazon-inspector",
            "modified_time": "2026-05-23T14:08:57Z",
            "versions": [
                "1.2.9"
            ]
        },
        {
            "import_time": "2026-05-26T05:52:23.729082228Z",
            "sha256": "88947aa441c78bdd42ac6a0172e277bd36e7461650270de94d2a397443c3b787",
            "id": "IN-MAL-2026-004332",
            "source": "amazon-inspector",
            "modified_time": "2026-05-23T13:50:22Z",
            "versions": [
                "1.2.7"
            ]
        },
        {
            "import_time": "2026-05-26T05:52:23.508279512Z",
            "sha256": "a492c60fefe35c9139d7ba00864e138ded9402d6290f45d70adb85579e8b9000",
            "source": "amazon-inspector",
            "id": "IN-MAL-2026-004330",
            "modified_time": "2026-05-23T13:30:03Z",
            "versions": [
                "1.2.5"
            ]
        },
        {
            "import_time": "2026-05-26T05:51:22.628582252Z",
            "sha256": "d9069b29a8013d1b76f65d1dc16c1bf21ea9aee006010206eed516bdb5bd9a1d",
            "id": "IN-MAL-2026-003817",
            "source": "amazon-inspector",
            "modified_time": "2026-05-21T13:01:33Z",
            "versions": [
                "1.0.6"
            ]
        },
        {
            "import_time": "2026-05-26T05:52:03.367350255Z",
            "sha256": "13adde7d1a84adc5f3f5daa464995f3003657e3c524e8bd31d2e5b52ee6d06ac",
            "source": "amazon-inspector",
            "id": "IN-MAL-2026-004162",
            "modified_time": "2026-05-22T07:36:01Z",
            "versions": [
                "1.0.7"
            ]
        },
        {
            "import_time": "2026-05-26T05:52:03.482221009Z",
            "sha256": "1e275932d989e81232586f56cdf8b843ad30aa392a7c16e878718c16e2d7ee15",
            "id": "IN-MAL-2026-004163",
            "source": "amazon-inspector",
            "modified_time": "2026-05-22T07:47:03Z",
            "versions": [
                "1.0.9"
            ]
        },
        {
            "import_time": "2026-05-26T05:51:21.551354461Z",
            "sha256": "35ac6c38cb5b44605a386058dbd557b9bd0dcc826eecec61bfaef376941de4a8",
            "source": "amazon-inspector",
            "id": "IN-MAL-2026-003808",
            "modified_time": "2026-05-21T12:43:03Z",
            "versions": [
                "1.0.4"
            ]
        },
        {
            "import_time": "2026-05-26T05:52:23.608551164Z",
            "sha256": "6e0f114cd638df1be1f2262e1b05dbe726cee5600a10be6d67be8ac8e1089f3d",
            "source": "amazon-inspector",
            "id": "IN-MAL-2026-004331",
            "modified_time": "2026-05-23T13:36:24Z",
            "versions": [
                "1.2.6"
            ]
        },
        {
            "import_time": "2026-05-26T05:51:21.649675347Z",
            "sha256": "775cb554dda759caa725f40bae760cf76f8059f9ef5ccedd8a538625156a70d1",
            "source": "amazon-inspector",
            "id": "IN-MAL-2026-003809",
            "modified_time": "2026-05-21T12:46:59Z",
            "versions": [
                "1.0.5"
            ]
        }
    ]
}
References
Credits

Affected packages

npm / autoheal-dev-cli

Package

Affected ranges

Affected versions

1.*
1.0.4
1.0.5
1.0.6
1.0.7
1.0.9
1.2.5
1.2.6
1.2.7
1.2.9

Database specific

cwes
[
    {
        "cweId": "CWE-506",
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature."
    }
]
indicators
{
    "package_integrity": [
        {
            "hashes": {
                "sha512_sri": "sha512-LuXgi3OKrwkj6Lot+NiGuAA9/XIofOz/WrrGtE8ybOVf2uF5zaS9xXoxddQ9F02gaC615i4Zyx36EgPN5jVbSQ==",
                "sha1": "cdf3851daa49e345446374333cba36be19bd8fe4"
            },
            "filename": "autoheal-dev-cli-1.2.9.tgz"
        }
    ],
    "evidence_files": [
        {
            "sha256": "5e8ac694445a90024f18fe605e1f68fe9e3528c6ed11519ecb542a1c874d41d0",
            "tlsh": "554362b2992511207eb4ca6d9f230812f62a7617f104a224b9fcf1995ffe441c927efc",
            "path": "bin/setup.js"
        }
    ]
}
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/autoheal-dev-cli/MAL-2026-4492.json"