npm · Malicious package advisory
Malwareprisma-client-python
MAL-2026-4646
Malicious code in prisma-client-python (npm)
Details
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (4ba0c0f6a1d1bdb5bffb45ca56fb99b8084fba921cc7689b6e8913c0436fe392) The package's CLI flow (`ppy generate`) reads `dist/index.enc`, a 346 KB AES-encrypted blob, decrypts it using a key extracted from `dist/key.enc` (substring 754..799) via crypto-js AES, writes the plaintext to `dist/index-run.js`, executes it with `child_process.spawn(process.execPath, [tempFile,...])`, and deletes the temp file in a `finally` block. The encryption provides no functional benefit — code that needs to run on the user's machine could be shipped as plain JS — and serves only to conceal executable bytes from reviewers and scanners. Decryption-and-exec of opaque payloads is structurally equivalent to the `eval(atob(blob))` dropper pattern: even if today's decrypted content is benign, the design allows the publisher to swap arbitrary code into future versions without any visible diff to reviewers. The self-deleting temp file (`fs.unlinkSync` of `dist/index-run.js`) further frustrates post-hoc forensic inspection. Additionally, the package name resembles the well-known `prisma-client-py` Python ORM, raising name-confusion concerns.
Compromised versions (1)
- 0.3.8
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.