Affected script: "install-scripts:preinstall"
This JavaScript file is a potential security vulnerability because it seems to be designed to collect system-specific and potentially sensitive information, then transmit that information (in an encrypted form) to a remote host. Such information includes the current directory (__dirname
), the home directory of the current user (os.homedir()
), the hostname of the operating system (os.hostname()
), the username of the system user (os.userInfo().username
), DNS servers (dns.getServers()
), the package version, and some other details of the package (packageJSON
).
This code then forms a POST request to the hostname "qpjw7bvg5ov51rua11o4fv7lnct3ht5i.oastify.com" over HTTPS with the collected system-specific and package-specific information. This could be used for malicious intent such as system profiling for targeted attacks, stealing sensitive user information, or retrieving internal network configurations.
Note that the actual intent and harm depend on what the remote server does with the acquired data.