Note: This report is updated by a verification record
The package contains a preinstall script that executes node index.js. The script is flagged by both YARA and LLM analysis, which suggests the package is likely malware.
The package is marked as malware by OSV: MAL-2026-1385 with source: ghsa-malware
The package contains a preinstall script that executes node index.js. This is flagged by both YARA and LLM analysis. Preinstall scripts are a common way for malware to execute arbitrary code at installation time. The low confidence of the YARA rule is mitigated by the LLM analysis, which indicates medium confidence of malicious behavior. The combination of these two findings suggests that the package is likely malware.