VYPR

npm · Malicious package advisory

Malware

makecoder

MAL-2026-4790

Malicious code in makecoder (npm)

Details


---
_-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (bf72d8ec7b803169421eb83d7ccbbdcd0af3671592775e25df2f92b33dfde5a4)
scripts/postinstall.js runs automatically on `npm install`. When `bun` is not already present, it unconditionally executes `curl -fsSL https://bun.sh/install | bash` on Unix or `powershell -Command "irm bun.sh/install.ps1 | iex"` on Windows — fetching an unpinned, unhashed shell script over the network and piping it directly to a shell interpreter. The resulting Bun runtime is then used to launch a multi-megabyte bundled sibling (`dist/<platform>/cc.js`) via the package's `_launchWithBun` / `_resolveBunPath` paths. This is the alternate-runtime-dropper shape: any compromise or MITM of the install endpoint yields arbitrary code execution on the installer's machine, and the install script's footprint includes writing to `~/.bun` and mutating shell RC files (`~/.bashrc`, `~/.zshrc`) to extend PATH. Separately, the postinstall recursively copies the package's bundled `claude/` directory into `~/.claude` with force-overwrite, silently clobbering any existing Anthropic Claude Code CLI configuration the installer has set up. Network destinations referenced from the bundled code include `geminicli.com`, and several modules wrap `child_process` together with HTTP POST/fetch primitives, but the primary install-time risk is the unverified pipe-to-shell of a remote runtime installer.

Compromised versions (3)

  • 4.0.54
  • 4.0.57
  • 4.0.56

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.