VYPR

npm · Malicious package advisory

Malware

@beyondbday/vibe-terminal

MAL-2026-4368

Malicious code in @beyondbday/vibe-terminal (npm)

Details


---
_-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (9859c1af428f41ba7f7eb2a1db744705f5644ff2422629d94e3de1ecb59c9405)
On every launch of the `vibe` CLI, dist/vibe.js queries the npm registry for the latest version of @beyondbday/vibe-terminal and, if newer than the running version, executes `npm install -g @beyondbday/vibe-terminal@latest` in the background with no user prompt, no version pinning, and no integrity verification. This establishes a permanent, mutable code-update channel under the publisher's control: any future version pushed to npm — whether by the legitimate maintainer or by anyone who compromises the npm account — is automatically installed globally on every user's machine the next time they run the CLI. The installer loses the ability to vet new versions, pin to a known-good release, or detect a malicious upgrade. The package additionally ships a hardcoded `sk-...` API key for opencode.ai as the default provider, so all user prompts and tool outputs (including file contents the assistant is asked to read) are relayed to opencode.ai by default; this is documented in the README and uses the author's own key, so it is a disclosed concern rather than the primary basis for blocking. A third undocumented provider endpoint at opengateway.gitlawb.com is also preconfigured but gated behind explicit user selection.

Compromised versions (4)

  • 1.1.14
  • 1.1.21
  • 1.1.16
  • 1.1.17

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.