npm · Malicious package advisory
Malwarefrontend-regulations
MAL-2026-10415
Malicious code in frontend-regulations (npm)
Details
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (6d88817d57907505adf7d303019c78adceb6da7bedf1e3416f2b9a1e80605ca1) frontend-regulations@99.9.1 is a near-empty wrapper (index.js exports an empty object) whose package.json declares the dependency 'ltidisafe' with the URL https://ltidi.storage.googleapis.com/depenconf/ltidisafe-3.3.3.tgz instead of a registry version. Installing this package causes npm to fetch a tarball from a Google Cloud Storage bucket unrelated to any documented publisher and place it into the installer's node_modules, where its lifecycle scripts and main entry execute during `npm install`. The wrapper package itself provides no functionality; its only effect is to smuggle the externally-hosted tarball into the dependency tree. The suspiciously high version number (99.9.1) combined with a hollow main entry and an off-registry dependency URL matches the dependency-chain dropper pattern.
Compromised versions (1)
- 99.9.1
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.