SafeDep

Summary

Note: This report is updated by a verification record

The package is likely malicious due to a preinstall script executing arbitrary code and suspicious bash startup file access.

Verification Record

Confirmed malicious package as part of coordinated supply chain attack targeting npm ecosystem

Details

The package exhibits multiple suspicious behaviors. The package.json contains a preinstall script that executes node setup_bun.js, allowing arbitrary code execution during installation (Evidence 1 & 2). Both bun_environment.js and setup_bun.js access multiple bash startup files, indicating potential persistence mechanisms (Evidence 0 & 3). These multiple strong indicators suggest malicious intent.

victoria-wallet-constants@0.1.1
Malicious
Verified
Analysed at: 11/24/25, 3:50 PM
Source: https://registry.npmjs.org/victoria-wallet-constants/-/victoria-wallet-constants-0.1.1.tgz
SHA256: ac1581862f9617e947b88fe4ad41e2abd919ee3f46f8a83669d6e279e8265224
Confidence: High