{"id":"MAL-2026-4459","summary":"Malicious code in @touchvue/chat (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (0921a05dced95d8d0bb5d99de362f67e4e67832874fb0b4391629f5dfe6e926d)\nThe published tarball's chat components (`AiChat/Chat/useSSE.js` and `AiChat/ChatInput.vue2.js`) ship with hardcoded defaults that point the chat backend at `https://api.apiyi.com/v1/chat/completions` (a third-party OpenAI-compatible proxy aggregator) using an `Authorization: Bearer sk-fe9MtO...` header that is also hardcoded in the source. The package is advertised as a Vue 3 AI chat component library, and the README does not disclose this default destination or that an author-supplied key is being used. Any developer who drops the components into an application without overriding `moduleInfo.config.action` and the `headers()` function will cause their downstream end users' chat prompts to be transmitted to api.apiyi.com under the author's account. This is the silent-relay shape: a hardcoded third-party destination chosen by the author, embedded in the package's advertised public API, that exfiltrates caller-supplied data on normal use. The shipped bearer token additionally enables anyone who installs the package to consume the author's apiyi.com quota (author self-harm), but the installer-side concern is the silent relay of user prompt data. \nA separate hardcoded RFC1918 endpoint and auth token in `TouchAgent.vue2.js` (`http://10.19.93.128:30015/...`, `authToken: c09f1251-...`) is unreachable from installers and is a quality/info-leak issue rather than an active threat.\n","modified":"2026-05-27T00:31:51.678627669Z","published":"2026-05-20T04:42:40Z","withdrawn":"2026-05-26T21:14:22Z","database_specific":{"malicious-packages-origins":[{"modified_time":"2026-05-20T04:49:21Z","versions":["1.0.0-beta.53"],"id":"IN-MAL-2026-003465","sha256":"0921a05dced95d8d0bb5d99de362f67e4e67832874fb0b4391629f5dfe6e926d","source":"amazon-inspector","import_time":"2026-05-26T05:50:41.648809899Z"},{"modified_time":"2026-05-20T04:42:40Z","versions":["1.0.0-beta.54"],"id":"IN-MAL-2026-003463","sha256":"87029aac9f5994c46ba71ee04c28e012520976e8e660201fb36bb4e17f0355ee","source":"amazon-inspector","import_time":"2026-05-26T05:50:41.442589616Z"},{"modified_time":"2026-05-20T05:00:22Z","versions":["1.0.0-beta.52"],"id":"IN-MAL-2026-003467","source":"amazon-inspector","sha256":"9794fd6b274d02791c15e0dcfa559a1432db9ee2cb73f0b4670bf06cf81f5f82","import_time":"2026-05-26T05:50:41.866590153Z"}]},"references":[{"type":"PACKAGE","url":"https://www.npmjs.com/package/@touchvue/chat/v/1.0.0-beta.53"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/@touchvue/chat/v/1.0.0-beta.54"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/@touchvue/chat/v/1.0.0-beta.52"}],"affected":[{"package":{"name":"@touchvue/chat","ecosystem":"npm","purl":"pkg:npm/%40touchvue%2Fchat"},"versions":["1.0.0-beta.53","1.0.0-beta.54","1.0.0-beta.52"],"database_specific":{"indicators":{"package_integrity":[{"filename":"chat-1.0.0-beta.53.tgz","hashes":{"sha512_sri":"sha512-+0UYiN/0FFydenVAIxL2flc2yncdLCwTXJdjNFWyz41vM1XWZ+HF+CkuF2MmbRLXuJNPM19FanDySnql42Uo/w==","sha1":"5e8821bc7d2b40e47a84b335e5ba6db263eaa140"}}],"evidence_files":[{"path":"lib/packages/components/touchchat/src/AiChat/Chat/useSSE.js","tlsh":"d092459998fe09158325f078fa5b381daa215903364ceb54f58c80a93fcc6f492fa7f5","sha256":"891e21596077d325719c06cd4635d0518298ccc9d07b6f9256f5258e946e821d"},{"path":"lib/packages/components/touchchat/src/AiChat/ChatInput.vue2.js","tlsh":"5d92a519ecb210120d77327e4f5ba005a560621b0644ede0bf4c96996f4ee6ca6fb3de","sha256":"80d9a654c48397bb1e229033b54eb61f0ab3d8ebc2b5469d3556d12faa367089"},{"path":"lib/packages/components/touchchat/src/AiChat/TouchAgent.vue2.js","tlsh":"e003a718a8b314284777716ebf5b7409252152032588fda47f4cd2a92fcd6f492fabec","sha256":"9559d48108b87a5f8401cb1032dfeda68937c97eb2090faef2eeacbe646a3655"}]},"cwes":[{"description":"The product contains code that appears to be malicious in nature.","cweId":"CWE-506","name":"Embedded Malicious Code"},{"description":"The product contains code that appears to be malicious in nature.","cweId":"CWE-506","name":"Embedded Malicious Code"},{"description":"The product contains code that appears to be malicious in nature.","cweId":"CWE-506","name":"Embedded Malicious Code"}],"source":"https://github.com/ossf/malicious-packages/blob/main/osv/withdrawn/npm/@touchvue/chat/MAL-2026-4459.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"}]}