MAL-2026-6716

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/test-pkg-pnpm/MAL-2026-6716.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-6716
Published
2026-07-01T20:47:19Z
Modified
2026-07-01T21:16:41.638778407Z
Summary
Malicious code in test-pkg-pnpm (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (ae5df84cbdf3092d5f7b8f405248144eacdf5119c756c97726974e547810ebec)

On npm install, the package's postinstall script (node demo-clean.js) auto-executes two installer-side actions without consent. First, openDemo() platform-branches via execSync to open https://github.com/X3r0Day/BunnyHijack in the installer's default browser and to spawn the OS calculator (calc on Windows, open -a Calculator on macOS, gnome-calculator/kcalc on Linux) — the canonical calc.exe proof of unauthenticated code execution on the installer's host. Second, cleanup() walks every ancestor directory of INIT_CWD, process.cwd(), and the user's home directory, calling fs.rmSync(..., {recursive:true, force:true}) against paths inside each ancestor's node_modules, node_modules/.pnpm, node_modules/.bin/node* shims, ~/.npm/_npx, ~/.bun/install/cache, and tmpdir entries; cleanupPackageJson() then reads each ancestor package.json and rewrites it via fs.writeFileSync after deleting matching entries from dependencies, devDependencies, optionalDependencies, and peerDependencies. The destructive recursive-force-rm operates well outside the package's own directory and reaches the user's home tree, and the spawned-process primitive can be retargeted to any binary in a future release.

Database specific
{
    "malicious-packages-origins": [
        {
            "versions": [
                "1.0.1"
            ],
            "sha256": "8ee6a2ba8d90a67199eae146b7688190adb974ce5aa1be7c07d56e2e3999d270",
            "modified_time": "2026-07-01T20:47:27Z",
            "source": "amazon-inspector",
            "import_time": "2026-07-01T21:04:20.562853387Z",
            "id": "IN-MAL-2026-007894"
        },
        {
            "versions": [
                "1.0.4"
            ],
            "sha256": "ae5df84cbdf3092d5f7b8f405248144eacdf5119c756c97726974e547810ebec",
            "modified_time": "2026-07-01T20:47:19Z",
            "source": "amazon-inspector",
            "import_time": "2026-07-01T21:04:20.500515222Z",
            "id": "IN-MAL-2026-007893"
        }
    ]
}
References
Credits

Affected packages

npm / test-pkg-pnpm

Package

Affected ranges

Affected versions

1.*
1.0.1
1.0.4

Database specific

indicators
{
    "package_integrity": [
        {
            "filename": "test-pkg-pnpm-1.0.1.tgz",
            "hashes": {
                "sha512_sri": "sha512-Jki+8yoVYBSIpTuE83uAVs1P1+sB7zGchYs0/a6Ehyc2FFIBXxtxeRKEMgN/paXXit0sHpH3rMCizPaOluUlgw==",
                "sha1": "b399121b46ab19bca631a7c8234653a187e9a343"
            }
        }
    ],
    "evidence_files": [
        {
            "sha256": "8f7a41070899d5ceb3cd3a6efd35364f45943b1b41a0f8a01010993f897e48d1",
            "path": "package.json",
            "tlsh": "1ed02b448861467324cd38615d399403a7380b4780153c2c62d71099aa497bb04b9265"
        },
        {
            "sha256": "e4ae6c862f2fcf3c6440c966cd74bd9f07a06be072bd301df27ae0848aa50adb",
            "path": "shim.js",
            "tlsh": "3331726796a197f42de04dc2a487482174abc723b205ffb881ced1536b8a41702fb4f9"
        }
    ]
}
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/test-pkg-pnpm/MAL-2026-6716.json"
cwes
[
    {
        "description": "The product contains code that appears to be malicious in nature.",
        "name": "Embedded Malicious Code",
        "cweId": "CWE-506"
    },
    {
        "description": "The product contains code that appears to be malicious in nature.",
        "name": "Embedded Malicious Code",
        "cweId": "CWE-506"
    }
]