SafeDep

Summary

Note: This report is updated by a verification record

Malicious post-install script combined with low project popularity indicates potential malware. Arbitrary code execution is a major concern.

Verification Record

The package is marked as malware by OSV: MAL-2026-2410 with source: amazon-inspector

Details

The package exhibits suspicious behavior. Its post-install script executes node -e "try{require('.')}catch(e){}", which requires the current directory, so the package's own entry point is loaded and run at install time while the empty catch block suppresses any error. This can lead to arbitrary code execution, a common malware technique. Additionally, the project has low popularity and few published versions, raising further concerns. While each of these individually might not be conclusive, the combination suggests malicious intent.

@the-coca-cola-company/ngps-global-common-utils@9.9.9
Malicious
Verified
Analysed at: 2/18/26, 9:53 AM
Source: https://registry.npmjs.org/@the-coca-cola-company/ngps-global-common-utils/-/ngps-global-common-utils-9.9.9.tgz
SHA256: c403aa47d134a9691d0a286234183598d327182e7246670bc36282ff5d188f19
Confidence: High