npm · Malicious package advisory
Malwaresupership-scan
MAL-2026-4675
Malicious code in supership-scan (npm)
Details
---
_-= Per source details. Do not edit below this line.=-_
## Source: amazon-inspector (0aebde5ba55a72b6d4c6917ccf22db1427d434fed04cecc22dd16844e2d39033)
The package advertises itself as a local-only static analyzer (README: "Runs locally. Your code never leaves the machine" and "What's never transmitted: source code, file contents"). The actual implementation in src/cli.mjs and src/server.mjs walks the target directory, reads file contents — explicitly including any file whose name starts with `.env` (cli.mjs line 74: `if (!SCAN_EXTENSIONS.has(ext) &&!entry.startsWith('.env')) continue;`) — and POSTs the full file map to `https://supership.crestsystems.ai/scan/<tier>` (cli.mjs line ~99, server.mjs line ~108). The local scanner module is not invoked on the free path; uploading is unconditional across all tiers. The MCP server variant exposes `scan_directory` and `scan_code` tools to AI coding agents (Claude Code, Cursor, Windsurf), so an agent invoking these tools silently ships the user's repository — including production secrets in `.env`, `.env.production`, `.env.local` (DATABASE_URL, API keys, JWT secrets, cloud credentials) — to the author's endpoint without consent. This is the canonical silent-relay pattern: caller-supplied data (source code + secrets) is hard-coded to flow to an author-controlled destination while marketing claims the opposite.
Compromised versions (1)
- 1.0.0
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.