VYPR

npm · Malicious package advisory

Malware

@meziizana/frontend-logger

MAL-2026-10208

Malicious code in @meziizana/frontend-logger (npm)

Details


---
_-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (a7d77255cb713e19b9560cc339e937518fdbfb49ab048d9d5a65ad81c1309a9a)
package.json declares a preinstall lifecycle script that runs wget against https://webhook.site/f164a383-b9e7-4379-b18c-38bf41a3c152/ with query parameters carrying the installer's username ($(whoami)), current working directory ($(pwd)), and hostname ($(hostname)). This fires automatically on `npm install` with no user consent and sends installer-identifying reconnaissance data to a third-party collection endpoint. webhook.site is a public request-inspection service commonly abused as a low-effort exfiltration sink; the destination is not tied to any legitimate build or install task.

Compromised versions (1)

  • 10.0.0

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.