{"id":"MAL-2026-4696","summary":"Malicious code in turing-sdk (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (01af0d34d23b6ed4e61390a21baec8c1bb81080c04945293a7e4ba8d20277ca6)\npackage.json declares `turing-code` as an HTTPS tarball dependency at https://turing.tap365.org/v1.1.2/turing-code-1.1.2.tgz, bypassing the npm registry entirely. Any `npm install turing-sdk` resolves and installs that tarball, whose contents are mutable on the author's host and never seen by registry scanners. Per the package's own README, that dependency downloads a `turing` binary at install. The published `index.js` main entry is obfuscator.io-style obfuscated (rotated string-array decoder, hex-named identifiers, self-defending IIFE) and acts as a thin wrapper that spawns the sibling `turing` binary, passing the caller's API keys through env vars (OPENAI_API_KEY, ANTHROPIC_API_KEY, GEMINI_API_KEY, etc.). Default provider presets route requests to `*.tap365.org` gateway hosts (e.g. grok74.tap365.org). The combination — off-registry mutable tarball source + opaque downloaded binary + obfuscated wrapper that hands user credentials to that binary + author-operated gateway as default routing target — gives the publisher a free channel to ship arbitrary bytes to installers and to receive caller-supplied API keys.\n","modified":"2026-05-26T06:02:59.462843575Z","published":"2026-05-21T06:39:19Z","database_specific":{"malicious-packages-origins":[{"sha256":"01af0d34d23b6ed4e61390a21baec8c1bb81080c04945293a7e4ba8d20277ca6","import_time":"2026-05-26T05:51:15.56717825Z","versions":["1.1.3"],"source":"amazon-inspector","id":"IN-MAL-2026-003759","modified_time":"2026-05-21T06:39:19Z"}]},"references":[{"type":"PACKAGE","url":"https://www.npmjs.com/package/turing-sdk/v/1.1.3"}],"affected":[{"package":{"name":"turing-sdk","ecosystem":"npm","purl":"pkg:npm/turing-sdk"},"versions":["1.1.3"],"database_specific":{"cwes":[{"name":"Embedded Malicious Code","cweId":"CWE-506","description":"The product contains code that appears to be malicious in nature."}],"indicators":{"package_integrity":[{"hashes":{"sha512_sri":"sha512-WNQZILeP0HfG70RH21bTt0pEtjBPRZGhyP+5MUOuonRLwMI72DLiKXIO0J+6KyOxO/p1WKwu9UIivTbYhTYgzw==","sha1":"349ce4d3179708e0f42b521abd5ce96c3d512920"},"filename":"turing-sdk-1.1.3.tgz"}],"evidence_files":[{"sha256":"0be80bfdb7bd3d773d0266ce132f5347a035ff98e28dcf9b255890f7da861ad4","path":"package.json","tlsh":"aff04c21c7624eb312c86560fd6a5d0392761c270168bc0576cb003d8fdc19f51fe1ad"},{"sha256":"f1520999674b91983038187d318f31f4c636406093f5fa33b2a9ae5d9e0047fa","path":"index.js","tlsh":"1ff2b6646fc1a5801b579fb3722fa2d4e52b19be3a58089fd518bf647c7220be5e1c30"}]},"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/turing-sdk/MAL-2026-4696.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"}]}