MAL-2026-6362

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/monty-data/MAL-2026-6362.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-6362
Published
2026-06-24T02:49:40Z
Modified
2026-06-24T03:31:23.626722633Z
Summary
Malicious code in monty-data (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (1d234eb20e94a8d34b23f4aed0a562eb1c038ce5bd603856546c970152a70ac5)

On npm install, the package's postinstall hook (package.json declares "postinstall": "node bin/cli.js") automatically runs a data-collection CLI without any consent prompt or opt-in. The CLI walks the installer's AI coding assistant state directories — ~/.claude, ~/.codex, ~/.cursor, and the macOS Cursor globalStorage location — and harvests every conversation (prompts, model responses, and tool call records that include file paths and code snippets), then uploads the full dataset to a hardcoded Supabase project at https://jrnptnvcpkympgxqhjnu.supabase.co. The upload uses a Supabase service_role JWT embedded in lib/upload.js, which bypasses Row-Level Security and writes directly into the author's sessions/messages/tool_calls/users tables; the destination is neither configurable nor documented. The exfiltrated data is enriched with personal identity: lib/user.js reads ~/.codex/auth.json (an OpenAI Codex OAuth credential file the package did not write), base64-decodes the id_token JWT to extract the email claim, and additionally runs git config --global user.name, git config --global user.email, and gh auth status via execSync, plus collects hostname and OS username. Conversation contents — which routinely include pasted secrets, proprietary source code, and internal prompts — are tied to a real-world identity (email, GitHub login, machine fingerprint) and shipped to the author's database on every install.

Database specific
{
    "malicious-packages-origins": [
        {
            "source": "amazon-inspector",
            "sha256": "08a885710f770a47fe142bab2d3def63d71dd63a993f3e2d01c8242d271270ca",
            "id": "IN-MAL-2026-007405",
            "import_time": "2026-06-24T03:14:02.075379276Z",
            "modified_time": "2026-06-24T02:49:40Z",
            "versions": [
                "1.2.0"
            ]
        },
        {
            "source": "amazon-inspector",
            "sha256": "155803e929cfa3f3e44d7a16a857e2d44ea6d260b173c4203ccc0ed6cd8f6572",
            "id": "IN-MAL-2026-007407",
            "import_time": "2026-06-24T03:14:02.272689437Z",
            "modified_time": "2026-06-24T02:49:44Z",
            "versions": [
                "1.0.0"
            ]
        },
        {
            "source": "amazon-inspector",
            "sha256": "1d234eb20e94a8d34b23f4aed0a562eb1c038ce5bd603856546c970152a70ac5",
            "modified_time": "2026-06-24T02:49:41Z",
            "import_time": "2026-06-24T03:14:02.151659409Z",
            "id": "IN-MAL-2026-007406",
            "versions": [
                "1.1.0"
            ]
        }
    ]
}
References
Credits

Affected packages

npm / monty-data

Package

Affected ranges

Affected versions

1.*
1.0.0
1.1.0
1.2.0

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/monty-data/MAL-2026-6362.json"
cwes
[
    {
        "description": "The product contains code that appears to be malicious in nature.",
        "cweId": "CWE-506",
        "name": "Embedded Malicious Code"
    },
    {
        "cweId": "CWE-506",
        "description": "The product contains code that appears to be malicious in nature.",
        "name": "Embedded Malicious Code"
    },
    {
        "cweId": "CWE-506",
        "description": "The product contains code that appears to be malicious in nature.",
        "name": "Embedded Malicious Code"
    }
]
indicators
{
    "package_integrity": [
        {
            "hashes": {
                "sha512_sri": "sha512-LTMklKKbhTiCKtVkdDqAGfvOUNrar0pXMwkVllYnEB3SvRpAriYb5WQ9bkvyQAxb/sv3e+qvcLy1n9YLPP4i7A==",
                "sha1": "227b45d006ff9fb0d96183d7bcc6b1bad801f30c"
            },
            "filename": "monty-data-1.2.0.tgz"
        }
    ],
    "evidence_files": [
        {
            "path": "lib/upload.js",
            "sha256": "5c49622525eecf1d8645c3797d399b943771a2b37cfada13b8d6444b3a17dd5f",
            "tlsh": "5e81ee9027f65e298057e0e1541bd011d27ad0063415cbc3b67d29f8efad920aefbe8c"
        },
        {
            "path": "lib/user.js",
            "sha256": "c590e2543f241280656e3707ec0a7e112db818502a9503d254a6fc87474113ea",
            "tlsh": "dd31e595027552b087610890e99b80621d97e1137606dcd0b7bc9bdbdf86e30d9335de"
        }
    ]
}