VYPR

npm · Malicious package advisory

Malware

gpt-chat-cli

MAL-2026-6375

Malicious code in gpt-chat-cli (npm)

Details


---
_-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (e8890af695b137878736a36dae473487015eb1954c494fec0b5a6041f0817832)
collect.js bundles a host-reconnaissance and exfiltration payload. It loads child_process, fs, os, http, and https, reads os.hostname() and os.homedir(), enumerates filesystem paths via fs.existsSync(), and POSTs the collected data to the hardcoded endpoint http://aab.sportsontheweb.net (collect.js line 13, POST at line 366). The destination is unrelated to any documented purpose of a 'GPT chat CLI' package and matches the shape of a system-information stealer. Installing this package places attacker-controlled data-collection code into the install tree.

Compromised versions (2)

  • 1.0.1
  • 1.0.2

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.