Home
Docs
GitHub
Pricing
Blog
Log In
DOCS
GITHUB
PRICING
BLOG
Log In

Run Sandworm Audit for your App

Get started
This package has been removed from the registry.
โš ๏ธ This package seems to have critical severity install script vulnerabilities

Affected script: "install-scripts:preinstall"

The index.js script collects sensitive information from the user's system and sends it to an external server. The data it collects includes the project directory, user home directory, hostname, username, DNS servers, the resolved URL if present, package version, and entire package.json content. This information could potentially include sensitive data such as private API keys or other secrets. It transmits this data to a specified URL ("9jtd6rt6pqm65h6twz7s9refa6gx4nsc.oastify.com") which is likely under the control of an attacker. The comments in the code suggest replacing with a known penetration testing server such as Burp Collaborator, Interactsh, or Pipedream, which are services commonly used for identifying security vulnerabilities. This behavior is indicative of malicious intent, potentially being part of a supply chain attack aimed at exfiltrating data from developers' systems.

Generated on Nov 11, 2023 via pnpm
Repo
Npm

ifl-primitives 4.27.2

"Indeed app POC "
Package summary
Share
0
issues
0
licenses
Package created
11 Nov 2023
Version published
11 Nov 2023
Maintainers
1
Total deps
0
Direct deps
0
License
ISC

Issues

0
This package has no issues

All Versions

Sandworm Dunes
Ready to start?

Scan your app for security vulnerabilities and license issues

Start Free With GitHub
Sandworm Open Source
Sandworm
Getting Started Issue Types Resolve Issues License Policies Sandworm Guard
Explore
Npm Package List Composer Package List Npm Categories List Npm Security Vulnerabilities Composer Security Vulnerabilities
Support
Sponsor Discuss Terms of Use Privacy Policy Security
More from Sandworm
Newsletter ๐• / Twitter ๐• / Twitter Security Alerts Knowledge Base Blog Contact