MAL-2026-4647

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/withdrawn/npm/prjct-cli/MAL-2026-4647.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-4647
Withdrawn
2026-06-22T18:46:10Z
Published
2026-05-20T08:34:26Z
Modified
2026-06-26T12:26:01.285886193Z
Summary
Malicious code in prjct-cli (npm)
Details


Source: amazon-inspector (72b60bff5e0e18ecdc993dc505651612acba538fd6c5e46c4ea69619c453f8f9)

On npm install, scripts/postinstall.js invokes scripts/ensure-bun.sh, which runs curl -fsSL https://bun.sh/install | bash with no version pin and no hash/signature verification. The bin shim (bin/prjct) subsequently prefers the freshly installed bun over node and uses it to execute the package's sibling dist/bin/prjct.mjs.

This is the alternate-runtime-dropper shape: arbitrary bytes served by the upstream URL at install time become a runtime that then executes package code, bypassing Node-aware tooling and any pinned-version assumptions. Whatever bun.sh serves at the moment of install is granted execution on the installer's machine. Even though the destination is the genuine Bun publisher, the unpinned curl|bash pattern means the installer has no way to verify which bytes are executed; a future compromise of bun.sh, TLS interception, or a mutable installer-script change would all silently ship arbitrary code into the install.

The bin shim additionally mutates $HOME (writing into ~/.claude, ~/.codex and ~/.prjct-cli, and creating symlinks in $HOME) on every invocation. That content is package-owned and matches the advertised AI-agent integration purpose, but it is aggressive install practice worth flagging.
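A defender-side static check for the install-hook pattern described above, added here as an example (it is not part of the OSV record or of the prjct-cli package). It walks npm install-time lifecycle hooks into the package files they invoke and flags any curl/wget output piped into a shell that carries no same-line version pin or digest check; the package.json and file contents below are constructed to mirror the advisory's shape, and the pinned "ensure-tool-pinned.sh" contrast is hypothetical.

```python
import re

# npm lifecycle hooks that run automatically during "npm install".
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Fetch-and-execute shape: curl/wget output piped straight into a shell.
PIPE_TO_SHELL = re.compile(r"\b(curl|wget)\b[^|\n]*\|\s*(sudo\s+)?(ba|z|da)?sh\b")
# Same-line signals that the fetched script is pinned or integrity-checked.
PIN_OR_CHECK = re.compile(r"sha256sum|shasum|gpg\s+--verify|[/@-]v?\d+\.\d+\.\d+")


def audit_install_hooks(package_json, files):
    """Return (hook, file, line) for every unpinned, unverified fetch-and-execute
    reachable from an install-time hook. `files` maps package-relative paths to
    their text contents, as unpacked from the tarball."""
    findings = []
    scripts = package_json.get("scripts", {})
    for hook in INSTALL_HOOKS:
        cmd = scripts.get(hook)
        if not cmd:
            continue
        # Walk files the hook command names, transitively, so a postinstall.js that
        # shells out to a helper script is still covered (substring match heuristic).
        texts, queue = {"<hook command>": cmd}, [p for p in files if p in cmd]
        while queue:
            path = queue.pop()
            if path in texts:
                continue
            texts[path] = files[path]
            queue.extend(p for p in files if p in files[path] and p not in texts)
        for path, text in texts.items():
            for line in text.splitlines():
                if PIPE_TO_SHELL.search(line) and not PIN_OR_CHECK.search(line):
                    findings.append((hook, path, line.strip()))
    return findings


# Constructed sample mirroring the advisory's shape; not the real package contents.
SAMPLE_PACKAGE_JSON = {
    "name": "example-pkg", "version": "0.0.0",
    "scripts": {"preinstall": "sh scripts/ensure-tool-pinned.sh",
                "postinstall": "node scripts/postinstall.js"},
}
SAMPLE_FILES = {
    "scripts/postinstall.js": 'const { execSync } = require("child_process");\n'
                              'execSync("bash scripts/ensure-bun.sh", { stdio: "inherit" });\n',
    "scripts/ensure-bun.sh": "#!/usr/bin/env bash\ncommand -v bun >/dev/null && exit 0\n"
                             "curl -fsSL https://bun.sh/install | bash\n",
    # Hardened shape (hypothetical): pinned URL, download to disk, verify digest, then run.
    "scripts/ensure-tool-pinned.sh": "#!/usr/bin/env bash\nset -euo pipefail\n"
        "curl -fsSL -o /tmp/tool.sh https://example.invalid/install-v1.2.3.sh\n"
        'echo "<EXPECTED_SHA256>  /tmp/tool.sh" | sha256sum -c - || exit 1\nbash /tmp/tool.sh\n',
}

if __name__ == "__main__":
    for hook, path, line in audit_install_hooks(SAMPLE_PACKAGE_JSON, SAMPLE_FILES):
        print(f"[{hook}] {path}: {line}")
```

The check is deliberately line-local: a digest verified on a later line is not credited, so treat a hit as a review prompt rather than a verdict.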

Database specific
{
    "malicious-packages-origins": [
        {
            "versions": [
                "2.21.0"
            ],
            "modified_time": "2026-05-20T08:34:26Z",
            "sha256": "72b60bff5e0e18ecdc993dc505651612acba538fd6c5e46c4ea69619c453f8f9",
            "id": "IN-MAL-2026-003504",
            "source": "amazon-inspector",
            "import_time": "2026-05-26T05:50:45.104566049Z"
        }
    ]
}
References
Credits

Affected packages

npm / prjct-cli

Affected ranges: 2.*
Affected versions: 2.21.0

Database specific

cwes
[
    {
        "cweId": "CWE-506",
        "description": "The product contains code that appears to be malicious in nature.",
        "name": "Embedded Malicious Code"
    }
]
indicators
{
    "package_integrity": [
        {
            "filename": "prjct-cli-2.21.0.tgz",
            "hashes": {
                "sha512_sri": "sha512-UTsTKm4l/pjFfgPSt0Hb40mfPDv2x6ju+mCvZjUsFe19J7NTdJMoCZUSttKlmsa0clwJf+oOTUI7VjRAXm0oUw==",
                "sha1": "8b01deb81c6a4a5000b513c556209bd5ca1009e8"
            }
        }
    ],
    "evidence_files": [
        {
            "path": "scripts/ensure-bun.sh",
            "tlsh": "6e11827392409a323c0803a29696621f7786332b0c40bc2670ff6551331b66a71e7f36",
            "sha256": "a428d6b2df380bec528df0c2bab542cf394508307bae9afcde6eb99a028e14fc"
        },
        {
            "path": "bin/prjct",
            "tlsh": "3fc1a76bf8146a31314480ac49c5f1857b8a41331925bc54b1be9b593f39bd6817e3bb",
            "sha256": "7e2c2dd00e12c696a5bf106dd4fac180de7aa36112ab13d17f13052a26e64bdb"
        }
    ]
}
source
"https://github.com/ossf/malicious-packages/blob/main/osv/withdrawn/npm/prjct-cli/MAL-2026-4647.json"