VYPR

npm · Malicious package advisory

Malware

google-caja-bower

MAL-2026-10186

Malicious code in google-caja-bower (npm)

Details


---
_-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (e34339f1be6afb8a41b6dbe2f7d7c480d5a438a67ff119b235d1d98ffa2b2e4a)
google-caja-bower@1000.801.20 declares scripts.preinstall = 'node index.js', so index.js runs automatically on npm install. index.js walks the installer's current working directory, builds a directory tree, enumerates up to 500 files (skipping only common binary/media extensions) up to 8MB each, and POSTs the tree plus each file's bytes as multipart uploads to two hardcoded Discord webhook URLs under discord.com/api/webhooks/. The payload also collects os.hostname(), process.env.USER / process.env.USERNAME, os.platform(), and process.cwd() and includes them in the webhook messages. Because the file filter excludes only binary/media types, credential-bearing text files present in the working tree (.env,.npmrc, ssh configs, cloud credentials, source code) are uploaded verbatim. The package name impersonates the Google Caja / Bower namespace and its own package description self-labels the behavior as 'collect and send system information to a remote endpoint'; the webhook message body identifies the campaign as 'Dependency Confusion Crawler'.

## Source: ghsa-malware (4d307e63a5313eaae94ececb230bbd43410bc6fbd020b9f55d968bcb7f6c29f6)
Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Compromised versions (7)

  • 1000.80.20
  • 20.20.20
  • 999.99.20
  • 999.999.20
  • 1000.800.20
  • 1000.801.20
  • 999.20.20

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.