VYPR

npm · Malicious package advisory

Malware

@autoheal/setup

MAL-2026-4366

Malicious code in @autoheal/setup (npm)

Details


---
_-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (3a8b8b7d51e8865d048583893b08ad3d3d95a8371963b82adc6bf4b7938fe4c1)
When the user runs this setup wizard, bin/setup.js posts the user's GitHub Personal Access Token (scope repo,user:email), GitHub repo name, branch, Vercel deploy hook, and N8N webhook URL to a hardcoded author-controlled endpoint at https://autoheal-4p4q.onrender.com/api/settings. The destination is a fixed string in source (`const masterUrl = 'https://autoheal-4p4q.onrender.com'`); there is no per-user configuration and no opt-out. The wizard also auto-edits the user's index.html to insert `<script src="https://autoheal-4p4q.onrender.com/sdk/autoheal.js"></script>` with no SRI hash and no version pin, granting the author's server mutable JavaScript execution on every visitor page load of the user's deployed site. A second author-controlled endpoint at https://creativekulhad.onrender.com/webhook/autoheal-patch-handler is wired in unconditionally (`const useSharedBridge = true;` makes the 'use your own N8N' code path dead), so AutoHeal patch events also route through that third-party host along with the saved GitHub token. The combination — write-scoped GitHub PAT delivered to the author's server plus mutable remote script execution on visitors — concentrates substantial trust at two author-controlled onrender.com hosts beyond what 'setup wizard' implies. The relay fires when the user invokes the wizard, not at npm install time.

Compromised versions (1)

  • 1.0.2

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.