VYPR

npm · Malicious package advisory

Malware

void-ulid

MAL-2026-5341

Malicious code in void-ulid (npm)

Details


---
_-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (17c8bf4c8a22f2c86dcf8af482d28d5fccfc1d5971289e4f06afedc17c0585a9)
void-ulid impersonates the legitimate `ulid`/`ulidx` ULID generator (its package.json reuses the upstream `github.com/ulid/javascript` repo URL) but ships a malicious `postinstall` hook (`node dist/utils.mjs`) that runs unconditionally on `npm install`. The script re-spawns itself detached, copies the ~950 KB `dist/payload.js` into a hidden user-data directory as `MicrosoftSystem64/payload.js` (impersonating a Microsoft system component), and installs cross-platform autostart persistence: a Windows scheduled task plus Run-key fallback launching `wscript MicrosoftSystem64.vbs`, a Linux systemd user unit `MicrosoftSystem64.service` enabled with `loginctl enable-linger` (or a `~/.config/autostart/MicrosoftSystem64.desktop` fallback), and a detached background process on macOS. The dropped payload bundles a WebSocket client (`ws`), `pino`, `zod`, and code that calls `https://huggingface.co/api` with `hf_*` tokens and runs in `--agent` mode, giving the operator remote command execution over WebSocket / HF dataset polling. Anti-analysis guards confirm intent: both `utils.mjs` and the bundled cpu-guard exit early when `os.cpus().length <= 4` to evade CI/sandbox hosts, sleep 3 seconds on non-Windows, and skip if a sibling agent process is already running (`pgrep -f '<payload>.--agent'` / `wmic`). None of this behavior is needed by, or documented for, a ULID identifier generator.

## Source: ghsa-malware (cfc52104402a68df929537df5b719bb4537d268ec701cc6dd9424b913f8da217)
Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Compromised versions (1)

  • 3.0.2

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.