SafeDep

Summary

Note: This report is updated by a verification record

The package is likely malicious: it has a suspicious preinstall script and accesses bash startup files, which indicates potential persistence mechanisms.

Verification Record

Confirmed malicious package, part of a coordinated supply chain attack targeting the npm ecosystem.

Details

The package exhibits multiple suspicious behaviors. Both bun_environment.js and setup_bun.js access multiple bash startup files (Evidence 0 and 3). The package.json contains a preinstall script executing setup_bun.js (Evidence 1 and 2), a common technique for malicious packages to execute arbitrary code. The combination of these factors suggests malicious intent.

wellness-expert-ng-gallery@5.1.1
Malicious
Verified
Analysed at: 11/24/25, 9:24 AM
Source: https://registry.npmjs.org/wellness-expert-ng-gallery/-/wellness-expert-ng-gallery-5.1.1.tgz
SHA256: 236f487007c0fd29a0a70caf85cdc3f98d4510b3c0391387d86e5a1ea7b9113e
Confidence: High