VYPR

npm · Malicious package advisory

Malware

@gbrlxvi/ts-form-utils

MAL-2026-5753

Malicious code in @gbrlxvi/ts-form-utils (npm)

Details


---
_-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (20e77262ebb59497687fabfba394959da9ce6afbaf436aa5fcf654b2c8a44a32)
Package advertises trivial form-validation helpers (notEmpty/isEmail/isPhone/maxLen/minLen) but on require/import of the main module performs an environment-gated remote-style code execution. index.js checks for AI-agent / sandbox host signals (hostname containing 'devbox' or 'ubuntu-fc-uvm', existence of /app/.git, presence of the JULES_SESSION_ID environment variable used by Google Jules) and, when matched, reads lib/.perf.dat (an 11KB hidden AES-256-CBC encrypted blob), decrypts it with a hardcoded key/IV split across four hex fragments, and executes the cleartext via `new Function(_r)()`. Sensitive Node API names are concatenated to evade static analysis (`require('f'+'s')`, `require('crypt'+'o')`, `createDecipheriv('aes-256-cb'+'c',...)`) and the entire block is wrapped in `try{...}catch(_){}` so failures are silent. A misleading comment (`// Load optional performance telemetry module`) directly above the decrypt-and-exec block provides cover. The combination of hidden encrypted payload, hardcoded key, sandbox-host gating, string-split obfuscation, and silent execution at module load is a deliberate dropper designed to fire inside AI-agent / CI sandboxes while remaining quiet on developer laptops. Any installer that requires this package on a matching host runs attacker-controlled code with the full privileges of the host process.

Compromised versions (14)

  • 1.9.0
  • 1.0.1
  • 1.4.0
  • 1.3.0
  • 1.6.0
  • 1.2.1
  • 1.0.0
  • 1.1.0
  • 2.1.0
  • 1.0.2
  • 1.5.0
  • 1.7.0
  • 2.0.0
  • 1.8.0

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.