npm · Malicious package advisory
Malware@vino.tian/vibe-kanban
MAL-2026-4462
Malicious code in @vino.tian/vibe-kanban (npm)
Details
---
_-= Per source details. Do not edit below this line.=-_
## Source: amazon-inspector (7f1533bb7e55b1bcd10291aa9f19e2a5cbe5755a7a6a7343d38fbd3ff8064a1f)
This package is published as `@vino.tian/vibe-kanban` and copies its README, name, and feature description from BloopAI's legitimate `vibe-kanban` project, but its binary distribution channel is a different, unrelated GitHub account. When the installed CLI is invoked (`npx @vino.tian/vibe-kanban`), `bin/cli.js` constructs a release-asset URL of the form `https://github.com/tianweilong/deploy-center/releases/download/<tag>/<platform>.{zip,tar.gz}`, downloads the archive, extracts it, and runs the resulting binary via `execSync("${bin}", { stdio: 'inherit' })`. A SHA-256 check is performed against a checksums file, but the checksums file is fetched from the same `tianweilong/deploy-center` repo as the archive, so the verification provides no protection — whoever controls that repo controls both the bytes and the expected hash. Additional integrity concerns: `package.json` declares `"main": "index.js"` but no `index.js` is shipped, and an unsubstituted `__R2_PUBLIC_URL__` placeholder remains in the desktop-installer path. Net effect: a user who installs and runs this package executes arbitrary bytes served by an attacker-controlled GitHub account under the guise of a known OSS tool.
Compromised versions (3)
- 0.1.4420
- 0.1.4413
- 0.1.4418
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.