npm · Malicious package advisory
Malwarerendezvous-js
MAL-2026-4662
Malicious code in rendezvous-js (npm)
Details
---
_-= Per source details. Do not edit below this line.=-_
## Source: amazon-inspector (5b4a03eaa6b09e5b9e291dd450f58e49a639c3efd8fa952f5ac48f9aea04aba4)
On `npm install` (scripts.install runs `node index.js`) and on `require('rendezvous-js')`, lib/core.js collects `os.userInfo().username`, `os.hostname()`, and the basename of `process.cwd()`, then issues a DNS A-record lookup for `lwrendezvous.<user>.<host>.<cwd>.<timestamp>.oob.sl4x0.xyz`. The query encodes installer host identity into the subdomain so it reaches the attacker's authoritative nameserver — a standard DNS-tunnel exfiltration channel that bypasses HTTP egress filtering. The destination domain (`oob.sl4x0.xyz`), the imported module names (`os`, `dns`, `process`), and method names (`userInfo`, `hostname`, `cwd`, `resolve4`) are all stored as decimal char-code arrays in lib/b02e30.js and lib/6ad264.js and decoded at runtime via `String.fromCharCode` solely to hide the channel from review. The README explicitly claims 'No network requests / No file system access', directly contradicting the shipped code. The author email `research@sl4x0.xyz` matches the exfil domain, and the beacon prefix `lwrendezvous` plus generic 'Enterprise Tools Team' authorship are consistent with a typosquat/dependency-confusion lure. Installer harm fires both at install time and at require time without consent.
Compromised versions (1)
- 9.9.11
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.