{"id":"MAL-2026-6362","summary":"Malicious code in monty-data (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (1d234eb20e94a8d34b23f4aed0a562eb1c038ce5bd603856546c970152a70ac5)\nOn `npm install`, the package's postinstall hook (`package.json` declares `\"postinstall\": \"node bin/cli.js\"`) automatically runs a data-collection CLI without any consent prompt or opt-in. The CLI walks the installer's AI coding assistant state directories — `~/.claude`, `~/.codex`, `~/.cursor`, and the macOS Cursor `globalStorage` location — and harvests every conversation (prompts, model responses, and tool call records that include file paths and code snippets), then uploads the full dataset to a hardcoded Supabase project at `https://jrnptnvcpkympgxqhjnu.supabase.co`. The upload uses a Supabase `service_role` JWT embedded in `lib/upload.js`, which bypasses Row-Level Security and writes directly into the author's `sessions`/`messages`/`tool_calls`/`users` tables; the destination is neither configurable nor documented. The exfiltrated data is enriched with personal identity: `lib/user.js` reads `~/.codex/auth.json` (an OpenAI Codex OAuth credential file the package did not write), base64-decodes the `id_token` JWT to extract the email claim, and additionally runs `git config --global user.name`, `git config --global user.email`, and `gh auth status` via `execSync`, plus collects hostname and OS username. Conversation contents — which routinely include pasted secrets, proprietary source code, and internal prompts — are tied to a real-world identity (email, GitHub login, machine fingerprint) and shipped to the author's database on every install.\n","modified":"2026-06-24T03:31:23.626722633Z","published":"2026-06-24T02:49:40Z","database_specific":{"malicious-packages-origins":[{"id":"IN-MAL-2026-007405","import_time":"2026-06-24T03:14:02.075379276Z","modified_time":"2026-06-24T02:49:40Z","sha256":"08a885710f770a47fe142bab2d3def63d71dd63a993f3e2d01c8242d271270ca","source":"amazon-inspector","versions":["1.2.0"]},{"import_time":"2026-06-24T03:14:02.272689437Z","modified_time":"2026-06-24T02:49:44Z","sha256":"155803e929cfa3f3e44d7a16a857e2d44ea6d260b173c4203ccc0ed6cd8f6572","source":"amazon-inspector","versions":["1.0.0"],"id":"IN-MAL-2026-007407"},{"modified_time":"2026-06-24T02:49:41Z","sha256":"1d234eb20e94a8d34b23f4aed0a562eb1c038ce5bd603856546c970152a70ac5","source":"amazon-inspector","versions":["1.1.0"],"id":"IN-MAL-2026-007406","import_time":"2026-06-24T03:14:02.151659409Z"}]},"references":[{"type":"PACKAGE","url":"https://www.npmjs.com/package/monty-data/v/1.2.0"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/monty-data/v/1.0.0"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/monty-data/v/1.1.0"}],"affected":[{"package":{"name":"monty-data","ecosystem":"npm","purl":"pkg:npm/monty-data"},"versions":["1.2.0","1.0.0","1.1.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/monty-data/MAL-2026-6362.json","indicators":{"evidence_files":[{"sha256":"5c49622525eecf1d8645c3797d399b943771a2b37cfada13b8d6444b3a17dd5f","tlsh":"5e81ee9027f65e298057e0e1541bd011d27ad0063415cbc3b67d29f8efad920aefbe8c","path":"lib/upload.js"},{"sha256":"c590e2543f241280656e3707ec0a7e112db818502a9503d254a6fc87474113ea","tlsh":"dd31e595027552b087610890e99b80621d97e1137606dcd0b7bc9bdbdf86e30d9335de","path":"lib/user.js"}],"package_integrity":[{"hashes":{"sha1":"227b45d006ff9fb0d96183d7bcc6b1bad801f30c","sha512_sri":"sha512-LTMklKKbhTiCKtVkdDqAGfvOUNrar0pXMwkVllYnEB3SvRpAriYb5WQ9bkvyQAxb/sv3e+qvcLy1n9YLPP4i7A=="},"filename":"monty-data-1.2.0.tgz"}]},"cwes":[{"description":"The product contains code that appears to be malicious in nature.","name":"Embedded Malicious Code","cweId":"CWE-506"},{"cweId":"CWE-506","description":"The product contains code that appears to be malicious in nature.","name":"Embedded Malicious Code"},{"cweId":"CWE-506","description":"The product contains code that appears to be malicious in nature.","name":"Embedded Malicious Code"}]}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["inspector-research@amazon.com"],"type":"FINDER"}]}