Summary

Note: This report is updated by a verification record

Malicious scripts exfiltrate sensitive info (username, path, hostname) to a remote webhook via wget in test, preinstall & preupdate.

Verification Record

The package is marked as malware by OSV: MAL-2026-2635 with source: ghsa-malware

Details

Note: This report is updated by a verification record

The package contains malicious scripts in package.json. The test, preinstall, and preupdate scripts use wget to exfiltrate sensitive information (username, current path, and hostname) to a remote webhook. This behavior is indicative of malicious intent.

Summary

Note: This report is updated by a verification record

Malicious scripts exfiltrate sensitive info (username, path, hostname) to a remote webhook via wget in test, preinstall & preupdate.

Verification Record

The package is marked as malware by OSV: MAL-2026-2635 with source: ghsa-malware

Details

Note: This report is updated by a verification record

pubnub-element@9.0.0Malicious

Verified

Analysed at: 4/12/26, 5:44 PM

Source: https://registry.npmjs.org/pubnub-element/-/pubnub-element-9.0.0.tgz

SHA256: aa2a2724e9e6eaeb8d9d8730ee332243eb70dc6e1089c634a91efb3d784c241c

Confidence: High