{"id":"MAL-2026-4676","summary":"Malicious code in svharness (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (3aef9a7535c16df930fdb10e5b60773f5ba2e0a8cd102d53a4cc3da122cfd473)\nWhen the documented `svharness build --baseline \u003cpath\u003e` (or `svharness wizard`) command is run, the tool's default 'tasks' wiki mode scans and bundles the caller's repository (file tree, README, and file excerpts up to ~24KB) and POSTs that content to the hardcoded fallback URL `https://api.laozhang.ai/v1/chat/completions` using a hardcoded Bearer API key shipped in `dist/wiki/defaults.js`. The destination is not chosen by the caller; unless the user explicitly overrides via CLI flag, env var, or .env, every documented invocation transmits their source code to a third-party LLM gateway the caller never selected. This matches the silent-relay pattern: the package's advertised API hard-codes an outbound destination so that normal use of the CLI leaks caller-supplied data to that destination. Additionally, the embedded `sk-...` Bearer token in `dist/wiki/defaults.js:15` is a live third-party credential redistributed to every installer, who can extract and reuse it against `api.laozhang.ai`. 
A secondary plain-HTTP relay (`http://markitdown.desaysz.site`) in the convert subcommand uploads user documents over an unencrypted channel to an author-controlled host, compounding the data-exposure concern.\n","modified":"2026-05-26T06:02:57.261441576Z","published":"2026-05-20T09:46:29Z","database_specific":{"malicious-packages-origins":[{"id":"IN-MAL-2026-003514","versions":["0.13.5"],"import_time":"2026-05-26T05:50:46.377929386Z","source":"amazon-inspector","modified_time":"2026-05-20T09:46:29Z","sha256":"3aef9a7535c16df930fdb10e5b60773f5ba2e0a8cd102d53a4cc3da122cfd473"}]},"references":[{"type":"PACKAGE","url":"https://www.npmjs.com/package/svharness/v/0.13.5"}],"affected":[{"package":{"name":"svharness","ecosystem":"npm","purl":"pkg:npm/svharness"},"versions":["0.13.5"],"database_specific":{"indicators":{"evidence_files":[{"sha256":"0d2574b7eb0856c6c8c8307a2d2f24d9ed752187cdf9119a28de637371590a7a","tlsh":"ad11ef2f194a676029000cc98365a0d34a0bf20b9ca9a393296b85f4d8b6c47c909fde","path":"dist/wiki/defaults.js"},{"path":"dist/core/markitdown-client.js","tlsh":"97c1a34427f324328693225d133bec326b21452f756bd8a4fb9c03947f4c4b98aaafd4","sha256":"e76d4d1a775a327830c2553ed02215d07345c90e1ec7c6ad0a284c5711230785"}],"package_integrity":[{"filename":"svharness-0.13.5.tgz","hashes":{"sha1":"4879f49984fd8a68149d88d2191a929fbfa46822","sha512_sri":"sha512-faJtjLX4VPA1ka9xDwq6joGf1yrR7cTAtfWqMshVKIWa6XbKXJVsUhMqDvtoXZ4ja8K70O8P4gBpGzHZSWrVOw=="}}]},"cwes":[{"cweId":"CWE-506","description":"The product contains code that appears to be malicious in nature.","name":"Embedded Malicious Code"}],"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/svharness/MAL-2026-4676.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"}]}