MAL-2026-6440

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/tokenization-util/MAL-2026-6440.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-6440
Published
2026-06-25T05:29:26Z
Modified
2026-06-25T06:31:21.763265858Z
Summary
Malicious code in tokenization-util (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (81f8a194aa79844110dede95f5f8c798d05c04c08f1a4f5d8822124b17c65fa6)

The package advertises plain math/formatter helpers but index.js contains a heavily obfuscated payload concealed inside the calculateTokenPrice function. The payload is hidden behind ~1500 leading tab characters of visual padding, then uses two seeded Fisher-Yates string-shuffler decoders and String.fromCharCode splicing to reconstruct the identifiers 'constructor', 'require', and 'module' at runtime. The code resolves Function via yLb[kqz] (a string-shuffled property lookup for 'constructor'), uses that Function constructor to build a decoder from one shuffled blob, decodes a second scrambled blob into JS source, and invokes that source via Function(...)(3004). It also assigns the CommonJS require and module bindings to globalThis (global[require]=require; global[module]=module), giving the decoded code access to any Node built-in (network, fs, child_process) regardless of how the package is imported. None of this behavior is documented in the README or exposed through the advertised API. The combination of multi-layer obfuscation, visual concealment via tab padding, dynamic eval of decoded literals, and forced global exposure of require/module is the canonical shape of a hidden remote-code-execution backdoor in an npm utility package — the decoded payload runs whenever calculateTokenPrice is called by a consumer.

Database specific
{
    "malicious-packages-origins": [
        {
            "versions": [
                "1.1.0"
            ],
            "id": "IN-MAL-2026-007459",
            "import_time": "2026-06-25T06:26:40.657818753Z",
            "modified_time": "2026-06-25T05:29:26Z",
            "sha256": "81f8a194aa79844110dede95f5f8c798d05c04c08f1a4f5d8822124b17c65fa6",
            "source": "amazon-inspector"
        },
        {
            "sha256": "98ad20b73424aeaaf58831c2ff2b370fcb5062535fdcc0501bf92281ca169740",
            "id": "IN-MAL-2026-007460",
            "import_time": "2026-06-25T06:26:40.747975627Z",
            "modified_time": "2026-06-25T05:29:31Z",
            "versions": [
                "0.2.0"
            ],
            "source": "amazon-inspector"
        }
    ]
}
References
Credits

Affected packages

npm / tokenization-util

Package

Affected ranges

Affected versions

0.*
0.2.0
1.*
1.1.0

Database specific

indicators
{
    "evidence_files": [
        {
            "sha256": "0956c1b99ac68710864c32ffb75c5fcfc736d4a55ebd3909d4834fbd765b417b",
            "tlsh": "6822098cba576e514b752770a91e5029ff605731a40fd981f3b8c8c26fe392482d7e0e",
            "path": "index.js"
        }
    ],
    "package_integrity": [
        {
            "filename": "tokenization-util-1.1.0.tgz",
            "hashes": {
                "sha512_sri": "sha512-L0mH6swLcGLVRAWvvBUu/Z4BB8D9pcuUZOzlmTkFddfn8VYr8OtAADqs+o/eDf+lwJYJXXw4ysE1bqRjvbNjFg==",
                "sha1": "f00de1b7b106bcc3c859896b292a862455b0d55a"
            }
        }
    ]
}
cwes
[
    {
        "name": "Embedded Malicious Code",
        "cweId": "CWE-506",
        "description": "The product contains code that appears to be malicious in nature."
    },
    {
        "cweId": "CWE-506",
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature."
    }
]
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/tokenization-util/MAL-2026-6440.json"