npm · Malicious package advisory
Malware@wengine-ai/claude-code-router-shared
MAL-2026-4468
Malicious code in @wengine-ai/claude-code-router-shared (npm)
Details
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (45e362000d036139e02a066a82ec157314a07796e0e855cdce184cc081ca4591) dist/index.js line 14 issues a fetch() call to https://pub-0dc3e1677e894f07bbea11b17a29e032.r2.dev, an anonymous Cloudflare R2 bucket, and references process.platform and process.versions to select a platform-specific payload. Anonymous *.r2.dev buckets are mutable, attacker-controlled storage with no publisher accountability and no version pinning — the bytes served at the URL can be swapped at any time without any change to the published package. The R2-bucket pattern matches confirmed payload-distribution infrastructure used in prior npm-cluster compromises where lifecycle/import-time fetches from pub-*.r2.dev hosts dropped platform-native binaries onto installer machines. Combined with platform-fingerprinting (process.platform, process.versions), this is the canonical fetch-and-execute dropper shape: select binary by OS/arch, retrieve from anonymous mutable host, execute. Installing or loading this package exposes the installer to arbitrary attacker-controlled code execution.
Compromised versions (7)
- 2.0.24
- 2.0.41
- 2.0.25
- 2.0.21
- 2.0.22
- 2.0.26
- 2.0.23
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.