-= Per source details. Do not edit below this line.=-
package.json declares a dependency foo whose source URL is https://3223567a82f3.ngrok.app/foo — an ephemeral, anonymous ngrok tunnel with no version pin and no integrity hash. On npm install, npm fetches whatever tarball the tunnel currently serves and runs its lifecycle scripts (preinstall/install/postinstall) on the installer's machine. The tunnel operator can swap the served bytes at any time, so the package effectively delegates arbitrary code execution at install time to whoever controls the ngrok endpoint. The package itself has no functional surface: the declared main: index.js is absent from the tarball (which contains only a foo text file and package.json), so the only observable effect of installing it is the dependency-resolution fetch from the attacker-controlled tunnel. Package naming suggests this may be a bug-bounty proof of concept, but the install-time mechanism is identical to a real dropper.
{
"malicious-packages-origins": [
{
"import_time": "2026-06-23T22:31:28.650301301Z",
"sha256": "354a2aa5da5356bab1c97537f865ebdf6af3fcc24f74a6f7c6f78181265c8af2",
"modified_time": "2026-06-23T21:57:12Z",
"versions": [
"1.0.5"
],
"source": "amazon-inspector",
"id": "IN-MAL-2026-007388"
}
]
}[
{
"cweId": "CWE-506",
"name": "Embedded Malicious Code",
"description": "The product contains code that appears to be malicious in nature."
}
]
{
"evidence_files": [
{
"tlsh": "3ee026605851882306d5667a1c2e6453b6618e5f04483c1a73cb542c92ce7b72dfd35c",
"sha256": "acb0aa7773ab1a014ab6cbadfecdcf9e6484959a5fde9a7c6579e92b6bc66065",
"path": "package.json"
}
]
}
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/npm-bug-bounty-test1-rhyselsmore/MAL-2026-6354.json"