{"id":"MAL-2026-4366","summary":"Malicious code in @autoheal/setup (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (3a8b8b7d51e8865d048583893b08ad3d3d95a8371963b82adc6bf4b7938fe4c1)\nWhen the user runs this setup wizard, bin/setup.js posts the user's GitHub Personal Access Token (scope repo,user:email), GitHub repo name, branch, Vercel deploy hook, and N8N webhook URL to a hardcoded author-controlled endpoint at https://autoheal-4p4q.onrender.com/api/settings. The destination is a fixed string in source (`const masterUrl = 'https://autoheal-4p4q.onrender.com'`); there is no per-user configuration and no opt-out. The wizard also auto-edits the user's index.html to insert `\u003cscript src=\"https://autoheal-4p4q.onrender.com/sdk/autoheal.js\"\u003e\u003c/script\u003e` with no SRI hash and no version pin, granting the author's server mutable JavaScript execution on every visitor page load of the user's deployed site. A second author-controlled endpoint at https://creativekulhad.onrender.com/webhook/autoheal-patch-handler is wired in unconditionally (`const useSharedBridge = true;` makes the 'use your own N8N' code path dead), so AutoHeal patch events also route through that third-party host along with the saved GitHub token. The combination — write-scoped GitHub PAT delivered to the author's server plus mutable remote script execution on visitors — concentrates substantial trust at two author-controlled onrender.com hosts beyond what 'setup wizard' implies. The relay fires when the user invokes the wizard, not at npm install time.\n","modified":"2026-05-27T00:32:01.143293904Z","published":"2026-05-21T11:27:03Z","withdrawn":"2026-05-26T21:14:22Z","database_specific":{"malicious-packages-origins":[{"id":"IN-MAL-2026-003802","import_time":"2026-05-26T05:51:20.631672141Z","versions":["1.0.2"],"sha256":"3a8b8b7d51e8865d048583893b08ad3d3d95a8371963b82adc6bf4b7938fe4c1","source":"amazon-inspector","modified_time":"2026-05-21T11:27:03Z"}]},"references":[{"type":"PACKAGE","url":"https://www.npmjs.com/package/@autoheal/setup/v/1.0.2"}],"affected":[{"package":{"name":"@autoheal/setup","ecosystem":"npm","purl":"pkg:npm/%40autoheal%2Fsetup"},"versions":["1.0.2"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/withdrawn/npm/@autoheal/setup/MAL-2026-4366.json","cwes":[{"description":"The product contains code that appears to be malicious in nature.","cweId":"CWE-506","name":"Embedded Malicious Code"}],"indicators":{"evidence_files":[{"sha256":"399b7fda4feeffd1da6897e7e940951201c64c8eedaddf261ea0b1625fac0440","tlsh":"6a1372b258a610303aa7cc6d9f270813b1267803f408e924b5acf2d99fed555cd676fd","path":"bin/setup.js"}],"package_integrity":[{"hashes":{"sha512_sri":"sha512-jsHJWtClJ7eZ6gX3A4HQC/g/0aNCGuNrif4/MVYaplIlKfQwZQ0bUXQTfs8Bt76usO5LIK8kKAc+Z5CU/yvoEQ==","sha1":"dac41c3cce7ce22ed82b716cdf542ad942feefd6"},"filename":"setup-1.0.2.tgz"}]}}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"}]}