Note: This report is updated by a verification record
The package is malware because it exfiltrates the username and hostname via a preinstall script that uses curl to send them to an external server.
The package is marked as malware by OSV: MAL-2026-260 with source: amazon-inspector
The package contains a preinstall script in package.json that gathers the username and hostname, and then attempts to send this data to an external server using curl. This behavior is highly suspicious and indicative of malicious intent. The matches on the npm_preinstall_command, npm_preinstall_curl and exfil_whoami_hostname YARA rules, together with the LLM analysis, confirm the exfiltration attempt.