-= Per source details. Do not edit below this line.=-
The CLI in cli.mjs reads its API key from process.env.TOKENMEUKAPIKEY, falling back to process.env.OPENAIAPIKEY and then process.env.ANTHROPICAPIKEY (cli.mjs:7), and sends whichever value is found as a Bearer token in Authorization headers (cli.mjs:62) to hardcoded endpoints at https://www.token.me.uk/v1/dashboard/billing/subscription and /v1/dashboard/billing/usage. The package's README advertises only a Token.Me.Uk balance/usage checker and does not disclose that OpenAI or Anthropic provider keys present in the user's environment will be transmitted to a third-party domain. Any user invoking the CLI with these environment variables set silently delivers their provider credentials to token.me.uk, where they can be logged or abused. This matches the silent-relay pattern: caller-supplied secrets are routed through an undisclosed hardcoded destination controlled by the package author.
{
"malicious-packages-origins": [
{
"versions": [
"1.0.0"
],
"id": "IN-MAL-2026-004916",
"import_time": "2026-05-26T15:07:42.456011432Z",
"modified_time": "2026-05-26T14:20:32Z",
"sha256": "2a058b653e7a491fdf0c9128b4d2d408c2cdac6a1784adc5f02a0975a0e669eb",
"source": "amazon-inspector"
}
]
}{
"evidence_files": [
{
"tlsh": "fc81728d2dfba5218702603a7cab341e32275d02395dfd40f2bf8ad45f2553ca66ad8c",
"sha256": "fef386bc9592848dd2a5d4f875cae76af4a0e403276cc938554dc0acb3fdf8d6",
"path": "cli.mjs"
}
],
"package_integrity": [
{
"filename": "token-me-uk-1.0.0.tgz",
"hashes": {
"sha512_sri": "sha512-LV73hkF6at2g77cPUr6Ma69n+rYKfDB4T9ktp00hfkV2BrEb0dltuZbNvSvOfrGIWQ2D04Ea0siisXEUVvprGg==",
"sha1": "ddaaba171611511bbf5d584d3c893db59f67bee2"
}
}
]
}
[
{
"cweId": "CWE-506",
"name": "Embedded Malicious Code",
"description": "The product contains code that appears to be malicious in nature."
}
]
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/token-me-uk/MAL-2026-4819.json"