npm · Malicious package advisory
Malwaresvharness
MAL-2026-4676
Malicious code in svharness (npm)
Details
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (3aef9a7535c16df930fdb10e5b60773f5ba2e0a8cd102d53a4cc3da122cfd473) When the documented `svharness build --baseline <path>` (or `svharness wizard`) command is run, the tool's default 'tasks' wiki mode scans and bundles the caller's repository (file tree, README, and file excerpts up to ~24KB) and POSTs that content to the hardcoded fallback URL `https://api.laozhang.ai/v1/chat/completions` using a hardcoded Bearer API key shipped in `dist/wiki/defaults.js`. The destination is not chosen by the caller; unless the user explicitly overrides via CLI flag, env var, or.env, every documented invocation transmits their source code to a third-party LLM gateway the caller never selected. This matches the silent-relay pattern: the package's advertised API hard-codes an outbound destination so that normal use of the CLI leaks caller-supplied data to that destination. Additionally, the embedded `sk-...` Bearer token in `dist/wiki/defaults.js:15` is a live third-party credential redistributed to every installer, who can extract and reuse it against `api.laozhang.ai`. A secondary plain-HTTP relay (`http://markitdown.desaysz.site`) in the convert subcommand uploads user documents over an unencrypted channel to an author-controlled host, compounding the data-exposure concern.
Compromised versions (1)
- 0.13.5
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.