{"id":"MAL-2026-6716","summary":"Malicious code in test-pkg-pnpm (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (ae5df84cbdf3092d5f7b8f405248144eacdf5119c756c97726974e547810ebec)\nOn `npm install`, the package's `postinstall` script (`node demo-clean.js`) auto-executes two installer-side actions without consent. First, `openDemo()` platform-branches via `execSync` to open https://github.com/X3r0Day/BunnyHijack in the installer's default browser and to spawn the OS calculator (`calc` on Windows, `open -a Calculator` on macOS, `gnome-calculator`/`kcalc` on Linux) — the canonical `calc.exe` proof of unauthenticated code execution on the installer's host. Second, `cleanup()` walks every ancestor directory of `INIT_CWD`, `process.cwd()`, and the user's home directory, calling `fs.rmSync(..., {recursive:true, force:true})` against paths inside each ancestor's `node_modules`, `node_modules/.pnpm`, `node_modules/.bin/node*` shims, `~/.npm/_npx`, `~/.bun/install/cache`, and tmpdir entries; `cleanupPackageJson()` then reads each ancestor `package.json` and rewrites it via `fs.writeFileSync` after deleting matching entries from `dependencies`, `devDependencies`, `optionalDependencies`, and `peerDependencies`. The destructive recursive-force-rm operates well outside the package's own directory and reaches the user's home tree, and the spawned-process primitive can be retargeted to any binary in a future release.\n","modified":"2026-07-01T21:16:41.638778407Z","published":"2026-07-01T20:47:19Z","database_specific":{"malicious-packages-origins":[{"import_time":"2026-07-01T21:04:20.562853387Z","modified_time":"2026-07-01T20:47:27Z","id":"IN-MAL-2026-007894","versions":["1.0.1"],"source":"amazon-inspector","sha256":"8ee6a2ba8d90a67199eae146b7688190adb974ce5aa1be7c07d56e2e3999d270"},{"import_time":"2026-07-01T21:04:20.500515222Z","modified_time":"2026-07-01T20:47:19Z","id":"IN-MAL-2026-007893","versions":["1.0.4"],"source":"amazon-inspector","sha256":"ae5df84cbdf3092d5f7b8f405248144eacdf5119c756c97726974e547810ebec"}]},"references":[{"type":"PACKAGE","url":"https://www.npmjs.com/package/test-pkg-pnpm/v/1.0.1"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/test-pkg-pnpm/v/1.0.4"}],"affected":[{"package":{"name":"test-pkg-pnpm","ecosystem":"npm","purl":"pkg:npm/test-pkg-pnpm"},"versions":["1.0.1","1.0.4"],"database_specific":{"indicators":{"evidence_files":[{"path":"package.json","tlsh":"1ed02b448861467324cd38615d399403a7380b4780153c2c62d71099aa497bb04b9265","sha256":"8f7a41070899d5ceb3cd3a6efd35364f45943b1b41a0f8a01010993f897e48d1"},{"sha256":"e4ae6c862f2fcf3c6440c966cd74bd9f07a06be072bd301df27ae0848aa50adb","path":"shim.js","tlsh":"3331726796a197f42de04dc2a487482174abc723b205ffb881ced1536b8a41702fb4f9"}],"package_integrity":[{"hashes":{"sha1":"b399121b46ab19bca631a7c8234653a187e9a343","sha512_sri":"sha512-Jki+8yoVYBSIpTuE83uAVs1P1+sB7zGchYs0/a6Ehyc2FFIBXxtxeRKEMgN/paXXit0sHpH3rMCizPaOluUlgw=="},"filename":"test-pkg-pnpm-1.0.1.tgz"}]},"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/test-pkg-pnpm/MAL-2026-6716.json","cwes":[{"description":"The product contains code that appears to be malicious in nature.","cweId":"CWE-506","name":"Embedded Malicious Code"},{"description":"The product contains code that appears to be malicious in nature.","cweId":"CWE-506","name":"Embedded Malicious Code"}]}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["inspector-research@amazon.com"],"type":"FINDER"}]}