-= Per source details. Do not edit below this line.=-
Package declares "bin": {"node": "./shim.js"} in package.json, which registers shim.js as the node command in node_modules/.bin. In any environment where node_modules/.bin is prepended to PATH (notably Bun, but also any shell or tool that resolves binaries through the local bin directory), subsequent invocations of node — including those made by other packages' lifecycle scripts during the same install — will execute shim.js instead of the real Node.js runtime. When triggered, shim.js writes /tmp/.bun-npm-pwned and prints a hijack banner to stderr. The current payload is a benign marker, but the mechanism is a fully functional unconsented code-execution channel on the installer's machine: any code placed in shim.js would run with the installer's privileges whenever a sibling package invokes node during install. The package's own README markets this behavior as a PATH-poisoning attack proof-of-concept (BunnyHijack) and explicitly notes that a real attacker would use the same vector to exfiltrate .env, ~/.ssh, and ~/.npmrc. Hijacking a core runtime command name is not a legitimate use of the bin field and constitutes a deliberate supply-chain attack mechanism shipped to the registry.
{
"malicious-packages-origins": [
{
"versions": [
"1.0.0"
],
"id": "IN-MAL-2026-007426",
"import_time": "2026-06-24T06:23:52.124529861Z",
"modified_time": "2026-06-24T06:16:56Z",
"sha256": "712b02f4059736eff4ec1470036c836966983a5d39deb777a12d87b548dd9d7c",
"source": "amazon-inspector"
},
{
"sha256": "bf5806c778f7f49aba80d58a718ed64b09e714e34caa649874727cda5ed92831",
"id": "IN-MAL-2026-007427",
"import_time": "2026-06-24T06:23:52.246461437Z",
"modified_time": "2026-06-24T06:16:59Z",
"versions": [
"1.0.1"
],
"source": "amazon-inspector"
},
{
"versions": [
"1.0.5"
],
"id": "IN-MAL-2026-009708",
"import_time": "2026-07-10T19:02:48.892643701Z",
"sha256": "0ce1a2afd22e2f8aec532f5804db46802e4538a00b8000b63dadec92fa375071",
"modified_time": "2026-07-10T18:44:35Z",
"source": "amazon-inspector"
},
{
"versions": [
"1.0.4"
],
"id": "IN-MAL-2026-009709",
"modified_time": "2026-07-10T18:44:43Z",
"import_time": "2026-07-10T19:02:48.952979178Z",
"sha256": "276d06ff044eeb983d071bca7e760011f7e3274bdf1acf3a88dd50edc6b16e96",
"source": "amazon-inspector"
},
{
"versions": [
"1.0.2"
],
"id": "IN-MAL-2026-009707",
"modified_time": "2026-07-10T18:44:27Z",
"import_time": "2026-07-10T19:02:48.767337709Z",
"sha256": "9fafd2d99f9cf4494726ad31b7444c029e6af96702066992ae4b0741c5239b1a",
"source": "amazon-inspector"
},
{
"sha256": "abd8ecaf1574e0e29c25add6073ac56b46aae7e1e240f44da061ada078657bd8",
"id": "IN-MAL-2026-009710",
"import_time": "2026-07-10T19:02:48.99073154Z",
"modified_time": "2026-07-10T18:44:55Z",
"versions": [
"1.0.3"
],
"source": "amazon-inspector"
}
]
}{
"package_integrity": [
{
"filename": "evil-pkg-1.0.0.tgz",
"hashes": {
"sha512_sri": "sha512-7EmAKHWd14F1UTp6hWYymF3lZzY2fBUSu+atS81hG0PFjzBWluJ+XWJdK6oXESD77EZ7POBmt7FaT5TxpEZx5w==",
"sha1": "315f130d99a445f77809d34902f1c32aae81441b"
}
}
],
"evidence_files": [
{
"sha256": "8af6a189f41726b8376ae24340f676fe1456a8fdb4639980a567cab3d14646a7",
"tlsh": "b7b02b300e50469310c80a601ca8d80c262a0f0b01083804033761044088fbb703531c",
"path": "package.json"
}
]
}
[
{
"cweId": "CWE-506",
"name": "Embedded Malicious Code",
"description": "The product contains code that appears to be malicious in nature."
},
{
"cweId": "CWE-506",
"name": "Embedded Malicious Code",
"description": "The product contains code that appears to be malicious in nature."
},
{
"name": "Embedded Malicious Code",
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature."
},
{
"name": "Embedded Malicious Code",
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature."
},
{
"cweId": "CWE-506",
"name": "Embedded Malicious Code",
"description": "The product contains code that appears to be malicious in nature."
},
{
"cweId": "CWE-506",
"name": "Embedded Malicious Code",
"description": "The product contains code that appears to be malicious in nature."
}
]
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/evil-pkg/MAL-2026-6374.json"