npm · Malicious package advisory
Malwarenonenull1
MAL-2026-10090
Malicious code in nonenull1 (npm)
Details
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (162cd9e0496d35e0500fe084f6011a3e6893182b0fa209502c5d6017ab1138ac) The package declares `gypfile: true` with no native C/C++ sources, and its binding.gyp abuses GYP command-expansion syntax in the `sources` list — `<!(node index.js...)` with `type: none` — so that npm's automatic `node-gyp rebuild` step runs `node index.js` during install-time configure. index.js then collects installer identifiers via `os.hostname()`, `os.userInfo().username`, and the CI environment variables `GITHUB_REPOSITORY` and `RUNNER_ENVIRONMENT`, and POSTs a JSON body to a hardcoded ngrok tunnel at `crabbing-thong-overhung.ngrok-free.dev` (`https://crabbing-thong-overhung.ngrok-free.dev/?gyp_rce=1`). It also drops `GYP_STEALTH_PWNED.txt` into `GITHUB_WORKSPACE` (or cwd) whose content self-identifies as `Stealth RCE via binding.gyp!`. There are no shipped native sources for the GYP config to build; the binding.gyp exists solely to trigger the embedded JS at install. The absence of any explicit `install`/`postinstall` script masks the lifecycle execution — the trigger is `binding.gyp` presence, which npm resolves via `node-gyp rebuild`. This is a fully automatic install-time RCE and CI-reconnaissance beacon, with the ngrok destination indicating an author-controlled receiver. ## Source: ossf-package-analysis (5f02ee2873da4d092fe8c8cc7418db3d2c661a64e5015eb0505fe26e5979da80) The OpenSSF Package Analysis project identified 'nonenull1' @ 1.5.2 (npm) as malicious. It is considered malicious because: - The package communicates with a domain associated with malicious activity.
Compromised versions (10)
- 1.2.0
- 1.3.0
- 1.4.0
- 1.0.0
- 1.5.2
- 1.5.0
- 1.6.0
- 1.5.5
- 1.5.4
- 1.5.6
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.