npm · Malicious package advisory
Malwareevil-pkg
MAL-2026-6374
Malicious code in evil-pkg (npm)
Details
---
_-= Per source details. Do not edit below this line.=-_
## Source: amazon-inspector (9fafd2d99f9cf4494726ad31b7444c029e6af96702066992ae4b0741c5239b1a)
Package declares `"bin": {"node": "./shim.js"}` in package.json, which registers `shim.js` as the `node` command in `node_modules/.bin`. In any environment where `node_modules/.bin` is prepended to PATH (notably Bun, but also any shell or tool that resolves binaries through the local bin directory), subsequent invocations of `node` — including those made by other packages' lifecycle scripts during the same install — will execute `shim.js` instead of the real Node.js runtime. When triggered, `shim.js` writes `/tmp/.bun-npm-pwned` and prints a hijack banner to stderr. The current payload is a benign marker, but the mechanism is a fully functional unconsented code-execution channel on the installer's machine: any code placed in `shim.js` would run with the installer's privileges whenever a sibling package invokes `node` during install. The package's own README markets this behavior as a PATH-poisoning attack proof-of-concept (`BunnyHijack`) and explicitly notes that a real attacker would use the same vector to exfiltrate `.env`, `~/.ssh`, and `~/.npmrc`. Hijacking a core runtime command name is not a legitimate use of the `bin` field and constitutes a deliberate supply-chain attack mechanism shipped to the registry.
Compromised versions (6)
- 1.0.0
- 1.0.1
- 1.0.5
- 1.0.4
- 1.0.2
- 1.0.3
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.