-= Per source details. Do not edit below this line.=-
On npm install, the package's postinstall script (node demo-clean.js) automatically performs two actions on the installing host without consent. First, openDemo() branches on the platform and uses execSync to open https://github.com/X3r0Day/BunnyHijack in the installer's default browser and to spawn the OS calculator (calc on Windows, open -a Calculator on macOS, gnome-calculator/kcalc on Linux), the canonical calc.exe proof of unauthenticated code execution on the installer's host. Second, cleanup() walks every ancestor directory of INIT_CWD, process.cwd(), and the user's home directory, calling fs.rmSync(..., {recursive:true, force:true}) on paths inside each ancestor's node_modules, node_modules/.pnpm, node_modules/.bin/node* shims, ~/.npm/_npx, ~/.bun/install/cache, and tmpdir entries; cleanupPackageJson() then reads each ancestor's package.json, deletes matching entries from dependencies, devDependencies, optionalDependencies, and peerDependencies, and rewrites the file with fs.writeFileSync. The destructive recursive, forced rm operates well outside the package's own directory and reaches the user's home tree, and the spawned-process primitive could be retargeted at any binary in a future release.
{
  "malicious-packages-origins": [
    {
      "versions": [
        "1.0.1"
      ],
      "sha256": "8ee6a2ba8d90a67199eae146b7688190adb974ce5aa1be7c07d56e2e3999d270",
      "modified_time": "2026-07-01T20:47:27Z",
      "source": "amazon-inspector",
      "import_time": "2026-07-01T21:04:20.562853387Z",
      "id": "IN-MAL-2026-007894"
    },
    {
      "versions": [
        "1.0.4"
      ],
      "sha256": "ae5df84cbdf3092d5f7b8f405248144eacdf5119c756c97726974e547810ebec",
      "modified_time": "2026-07-01T20:47:19Z",
      "source": "amazon-inspector",
      "import_time": "2026-07-01T21:04:20.500515222Z",
      "id": "IN-MAL-2026-007893"
    }
  ]
}

{
  "package_integrity": [
    {
      "filename": "test-pkg-pnpm-1.0.1.tgz",
      "hashes": {
        "sha512_sri": "sha512-Jki+8yoVYBSIpTuE83uAVs1P1+sB7zGchYs0/a6Ehyc2FFIBXxtxeRKEMgN/paXXit0sHpH3rMCizPaOluUlgw==",
        "sha1": "b399121b46ab19bca631a7c8234653a187e9a343"
      }
    }
  ],
  "evidence_files": [
    {
      "sha256": "8f7a41070899d5ceb3cd3a6efd35364f45943b1b41a0f8a01010993f897e48d1",
      "path": "package.json",
      "tlsh": "1ed02b448861467324cd38615d399403a7380b4780153c2c62d71099aa497bb04b9265"
    },
    {
      "sha256": "e4ae6c862f2fcf3c6440c966cd74bd9f07a06be072bd301df27ae0848aa50adb",
      "path": "shim.js",
      "tlsh": "3331726796a197f42de04dc2a487482174abc723b205ffb881ced1536b8a41702fb4f9"
    }
  ]
}
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/test-pkg-pnpm/MAL-2026-6716.json
[
  {
    "description": "The product contains code that appears to be malicious in nature.",
    "name": "Embedded Malicious Code",
    "cweId": "CWE-506"
  }
]