MAL-2026-6273

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/zod-pino/MAL-2026-6273.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-6273
Published
2026-06-22T21:53:45Z
Modified
2026-06-23T22:46:25.617024146Z
Summary
Malicious code in zod-pino (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (c536e5a7ee3d5542e1ac822b30ba4525e52b2ae0c964d0c2470468d91b9b41c8)

The package is published under a name suggesting a Pino logger integration for Zod, but the tarball contents do not match that purpose and exhibit multiple installer-harm fingerprints:

  • scripts/postinstall-agent.mjs runs at install time and performs outbound network activity (GET requests, ping/host probing, identifier collection). A logging-schema package has no legitimate reason to ship a postinstall agent that beacons out.
  • dist/discordRelayUpload.js implements POST-based upload flows with base64 encoding/decoding of payloads and host-reachability probes (ping) — a Discord-channel relay used for off-host data delivery, unrelated to the package's advertised purpose.
  • dist/secretScan/contentScanner.js and dist/secretScan/agentStartupAudit.js implement a secret-scanning routine that fetches huggingface.co endpoints from an 'agent startup audit' code path, with base64 buffer handling consistent with credential extraction and transmission.
  • dist/hfCredentials.js handles base64-encoded Hugging Face credentials, and dist/deploymentDefaults.js plus scripts/encode-deployment.mjs perform multi-stage base64 decoding of deployment payloads — typical staged-payload obfuscation.
  • dist/relayServer.js bundles a long-lived relay/server component with repeated host-probe (ping) primitives.

Taken together — install-time agent with outbound traffic, secret-scanning + credential modules, base64-staged deployment payloads, and a Discord upload relay, all in a package nominally advertised as a zod/pino integration — the shipped behavior matches an exfiltration/relay toolchain rather than a logging utility. Installing this package triggers the postinstall agent automatically.
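As an added defender-side example (not code from OSV, the ossf/malicious-packages repository or Amazon Inspector): a Python check that walks an npm tarball, compares each member's SHA-256 against the evidence_files hashes listed in the indicators section of this advisory, reports which lifecycle hooks in package.json run automatically during install, and compares the whole tarball against the package_integrity hashes recorded for zod-pino-1.0.122.tgz. The sample tarball is constructed inline with placeholder file bodies, so it matches only by path and by hook, not by hash; the function names and the suspicion rule in is_suspicious are my own.

```python
import base64
import hashlib
import io
import json
import tarfile

# Indicators copied from the MAL-2026-6273 advisory: SHA-256 of each evidence
# file inside the zod-pino tarball, keyed by its path under package/.
EVIDENCE_FILES = {
    "dist/deploymentDefaults.js": "cbf70b0d8654138a0b4dfcb152824c85fecab500e1a5fade53c2049da4c0dc48",
    "dist/discordRelayUpload.js": "debe8ff010dd0e4bec0af85cbd8708ba345158fc103b9fe68eb12b4d68539c19",
    "dist/hfCredentials.js": "bf0091702bbc62eff2319360ab7103a33fee8f5bfad4e63aa359175285de7f49",
    "dist/relayServer.js": "dc5d99c9e72bc81a1a162b341a0a0a480ba87b2b7f993ff9c3cf9b3d259e20ba",
    "dist/secretScan/agentStartupAudit.js": "185e5a9b6387d3791464f4ade86a394af49115e826ddc1cd5e206e573b0ef7eb",
    "dist/secretScan/contentScanner.js": "5f983523fea613c052e726cf94f86c894e72c34261a538e6e6f3999cd76191a5",
    "scripts/encode-deployment.mjs": "36c301a61abec8b3658aa278f9cdcdfa0edf6409f4eec68449724d68ef222ea8",
    "scripts/postinstall-agent.mjs": "f637df68b8c097e238ae81473a6a5c3f4ace636044356f7dbb01fef6ca5f579c",
}
HASH_TO_PATH = {digest: path for path, digest in EVIDENCE_FILES.items()}

# Whole-tarball hashes for zod-pino-1.0.122.tgz, also copied from the advisory.
KNOWN_BAD_TARBALL_SHA1 = "770aab78e95bc70cb75748cf3c72a5843d08c185"
KNOWN_BAD_TARBALL_SRI = "sha512-ACzgiOmad8wiV68jaxV7Ue7acfF6fDqpDKpHcBhim0fL/A+GG3RA1ryuztOr4JbfA4GJL+VpgfY62JRZWEGwOg=="

# npm lifecycle scripts that run automatically during `npm install`.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")


def sri_sha512(data: bytes) -> str:
    """Subresource-Integrity form (sha512-<base64>) as npm records it in lockfiles."""
    return "sha512-" + base64.b64encode(hashlib.sha512(data).digest()).decode()


def tarball_is_known_bad(tar_bytes: bytes) -> bool:
    """True if the whole tarball matches the advisory's package_integrity hashes."""
    return (hashlib.sha1(tar_bytes).hexdigest() == KNOWN_BAD_TARBALL_SHA1
            or sri_sha512(tar_bytes) == KNOWN_BAD_TARBALL_SRI)


def inspect_tarball(tar_bytes: bytes) -> dict:
    """Walk an npm tarball; report hash matches, path matches and install hooks."""
    findings = {"hash_matches": [], "path_matches": [], "install_scripts": {}}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tf:
        for member in tf.getmembers():
            if not member.isfile():
                continue
            # npm prefixes every entry with "package/"; strip it for comparison.
            rel = member.name.split("/", 1)[1] if "/" in member.name else member.name
            data = tf.extractfile(member).read()
            digest = hashlib.sha256(data).hexdigest()
            if digest in HASH_TO_PATH:
                findings["hash_matches"].append(rel)
            if rel in EVIDENCE_FILES:
                findings["path_matches"].append(rel)
            if rel == "package.json":
                scripts = json.loads(data).get("scripts", {})
                findings["install_scripts"] = {
                    hook: cmd for hook, cmd in scripts.items() if hook in INSTALL_HOOKS
                }
    return findings


def is_suspicious(findings: dict) -> bool:
    """An exact hash match is decisive; a path match alone only counts with an install hook."""
    if findings["hash_matches"]:
        return True
    return bool(findings["install_scripts"]) and bool(findings["path_matches"])


def build_sample_tarball(files: dict) -> bytes:
    """Build an in-memory gzipped npm-style tarball from {path: text} (constructed input)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for path, text in files.items():
            data = text.encode()
            info = tarfile.TarInfo(name="package/" + path)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Constructed sample: mimics the layout the advisory describes, with placeholder
# file bodies (not the real package contents), so only path and hook can match.
SAMPLE_TARBALL = build_sample_tarball({
    "package.json": json.dumps({
        "name": "zod-pino", "version": "1.0.122",
        "scripts": {"postinstall": "node scripts/postinstall-agent.mjs", "test": "echo ok"},
    }),
    "scripts/postinstall-agent.mjs": "// placeholder body, constructed for this example\n",
    "dist/index.js": "module.exports = {};\n",
})

if __name__ == "__main__":
    result = inspect_tarball(SAMPLE_TARBALL)
    print(json.dumps(result, indent=2))
    print("known-bad tarball:", tarball_is_known_bad(SAMPLE_TARBALL))
    print("suspicious:", is_suspicious(result))
```

On a real artifact the input is the bytes of the .tgz fetched from the registry (or the copy in the npm cache), and the SRI string can be compared directly with the `integrity` field in package-lock.json. A path match by itself is weak evidence, since any package may ship a scripts/ directory; the exact per-file and whole-tarball hashes are what tie an artifact to this advisory.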

Database specific
{
    "malicious-packages-origins": [
        {
            "sha256": "94af4e18fa0fdc7c6aa17842c0dcea9d8ac7632a915cedb0d2150470d07c4e02",
            "import_time": "2026-06-22T22:14:23.416056934Z",
            "source": "amazon-inspector",
            "modified_time": "2026-06-22T21:53:45Z",
            "versions": [
                "1.0.122"
            ],
            "id": "IN-MAL-2026-007184"
        },
        {
            "sha256": "e4ffd3391bd641307fbb18b050f374e75476dd1ab9ed063d88cfec46dbb70ff1",
            "import_time": "2026-06-23T16:54:11.757013736Z",
            "source": "amazon-inspector",
            "modified_time": "2026-06-23T15:55:37Z",
            "versions": [
                "1.0.123"
            ],
            "id": "IN-MAL-2026-007251"
        },
        {
            "sha256": "81e8a23a71a5288646495c50a46c2814ffc0668d9c24ed04e1abd9e8758b5ea2",
            "import_time": "2026-06-23T16:54:11.832862303Z",
            "source": "amazon-inspector",
            "modified_time": "2026-06-23T15:55:42Z",
            "versions": [
                "1.0.124"
            ],
            "id": "IN-MAL-2026-007252"
        },
        {
            "sha256": "c536e5a7ee3d5542e1ac822b30ba4525e52b2ae0c964d0c2470468d91b9b41c8",
            "import_time": "2026-06-23T19:40:39.923977128Z",
            "source": "amazon-inspector",
            "modified_time": "2026-06-23T18:57:00Z",
            "versions": [
                "1.0.126"
            ],
            "id": "IN-MAL-2026-007332"
        },
        {
            "sha256": "17a7289959ad57906f330b4dfe5cb739b2d9ff4766acfa1050c43e3d63638b66",
            "import_time": "2026-06-23T22:31:28.305469542Z",
            "source": "amazon-inspector",
            "modified_time": "2026-06-23T21:54:03Z",
            "versions": [
                "1.0.127"
            ],
            "id": "IN-MAL-2026-007384"
        }
    ]
}
References
Credits

Affected packages

npm / zod-pino

Package: npm / zod-pino
Affected ranges: 1.*
Affected versions: 1.0.122, 1.0.123, 1.0.124, 1.0.126, 1.0.127

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/zod-pino/MAL-2026-6273.json"
cwes
[
    {
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature.",
        "cweId": "CWE-506"
    },
    {
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature.",
        "cweId": "CWE-506"
    },
    {
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature.",
        "cweId": "CWE-506"
    },
    {
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature.",
        "cweId": "CWE-506"
    },
    {
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature.",
        "cweId": "CWE-506"
    }
]
indicators
{
    "evidence_files": [
        {
            "sha256": "cbf70b0d8654138a0b4dfcb152824c85fecab500e1a5fade53c2049da4c0dc48",
            "tlsh": "e1f16549b8e7b0100663b5f8861bc8973bdcad07260ed444b35e93956f1f831a3b76e6",
            "path": "dist/deploymentDefaults.js"
        },
        {
            "sha256": "debe8ff010dd0e4bec0af85cbd8708ba345158fc103b9fe68eb12b4d68539c19",
            "tlsh": "d4e296fab5f724311162b6698b5bd0057328b147741eeca47a8ca29c9f9c025c2f7fc6",
            "path": "dist/discordRelayUpload.js"
        },
        {
            "sha256": "bf0091702bbc62eff2319360ab7103a33fee8f5bfad4e63aa359175285de7f49",
            "tlsh": "cae184062ef6902001779079912be01576b0703f6ae1d5f2f69ddec9af12c768ae3dc1",
            "path": "dist/hfCredentials.js"
        },
        {
            "sha256": "dc5d99c9e72bc81a1a162b341a0a0a480ba87b2b7f993ff9c3cf9b3d259e20ba",
            "tlsh": "b293b68a69f360324763f2bd5b5b8001b339d1077558ddd4fa9c8258af8d92883f1be9",
            "path": "dist/relayServer.js"
        },
        {
            "sha256": "185e5a9b6387d3791464f4ade86a394af49115e826ddc1cd5e206e573b0ef7eb",
            "tlsh": "b6e2fb9a69f32432826371be5a4f5005f660b4272148e8e47a5cc299ff454b8d3f7fd8",
            "path": "dist/secretScan/agentStartupAudit.js"
        },
        {
            "sha256": "5f983523fea613c052e726cf94f86c894e72c34261a538e6e6f3999cd76191a5",
            "tlsh": "7212824a6af320514d2330fe1b8b8500b97aa847351cdd28be9c83906f5597c9af7bdc",
            "path": "dist/secretScan/contentScanner.js"
        },
        {
            "sha256": "36c301a61abec8b3658aa278f9cdcdfa0edf6409f4eec68449724d68ef222ea8",
            "tlsh": "34b1b70368e9947041fee3d25953b90b7afdf7153302acc5766e46b90b6bc31026be0a",
            "path": "scripts/encode-deployment.mjs"
        },
        {
            "tlsh": "1d92d88ce6e71a7606a1e79d7a1f150267a0d1070648e4b4f0dd82887f2d13d83b7ebe",
            "sha256": "f637df68b8c097e238ae81473a6a5c3f4ace636044356f7dbb01fef6ca5f579c",
            "path": "scripts/postinstall-agent.mjs"
        }
    ],
    "package_integrity": [
        {
            "filename": "zod-pino-1.0.122.tgz",
            "hashes": {
                "sha1": "770aab78e95bc70cb75748cf3c72a5843d08c185",
                "sha512_sri": "sha512-ACzgiOmad8wiV68jaxV7Ue7acfF6fDqpDKpHcBhim0fL/A+GG3RA1ryuztOr4JbfA4GJL+VpgfY62JRZWEGwOg=="
            }
        }
    ]
}