npm · Malicious package advisory
Malware@apexcraft/nano-key
MAL-2026-6210
Malicious code in @apexcraft/nano-key (npm)
Details
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (c46938b3634fb4de89ddf44b765e1c766c871a40fb31c54609c1b3526074e65c) @apexcraft/nano-key advertises itself as a 12-byte sortable ID generator (README and repository metadata are copied from yiwen-ai/xid-ts, an unrelated upstream project), but ships a 250KB obfuscator.io-style payload at dist/cjs/seed.cjs. package.json declares `"postinstall": "node./dist/cjs/seed.cjs"`, so the payload runs automatically on `npm install`. The same `runPrepare()` entry point is also invoked at module load: index.js line 25 calls `_seed.runPrepare()` inside `newState()`, which line 35 invokes as `defaultState = newState()` at top level — so any consumer that `require`s the package re-triggers the dropper. seed.cjs uses an RC4+base64 rotating string array decoder (`_0x554f` / `_0x1420`), control-flow flattening, a self-defending IIFE, and a debugger-protection loop to hide an AES-256-GCM-decrypted URL list. At runtime it `https.request`s those URLs, stages the response under `~/.cache` (or `%LOCALAPPDATA%` / `~/Library/Caches`), sha256-stamps the file, and executes it with `child_process.spawn(process.execPath, [file])`, with an alternate `bun` runtime branch. There is no signature or hash pinning of the fetched bytes, the destination is decrypted at runtime (mutable C2), and the package's stated purpose (ID generation) provides no legitimate reason to fetch and execute remote code. Installing or requiring this package hands arbitrary remote code execution to whoever controls the encrypted endpoint. ## Source: ghsa-malware (a93a588a8c86cfaf399f05f0c68352ac421adb4cd95f3d9c4ec6d340595c6c5a) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.
Compromised versions (9)
- 1.3.8
- 1.3.4
- 1.3.6
- 1.2.5
- 1.3.2
- 1.3.5
- 1.3.7
- 1.2.4
- 1.3.3
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.