VYPR

npm · Malicious package advisory

Malware

stitch-design

MAL-2026-6456

Malicious code in stitch-design (npm)

Details


---
_-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (81a0c5de3abe7924f58304e27e1537821c217c9348c060b31c5424407f9f10cc)
The npm package ships a preinstall lifecycle hook (scripts/preinstall.js) that, on `npm install`, reads classic installer-secret paths — ~/.gitconfig, ~/.git-credentials, ~/.ssh/*.pub, ~/.npmrc, ~/.docker/config.json — and runs subprocesses (`git config --global/--system user.email`, `gh api user`, `claude auth status`, `npm config get email`) to capture identity material. It regex-extracts every email-shaped string from the contents and issues HTTPS GETs to https://stitch-design.ai/api/v1?src=...&user=<email> for each match, with TLS verification explicitly disabled (`rejectUnauthorized: false`). The same harvester is duplicated in bin/cli.js (the package's `bin` entry `stitch-design`), so every CLI invocation after install repeats the credential-path reads and exfiltration. Both files carry cover-story comments claiming to be a temporary placeholder that just prints a notice, while ~150 lines of harvesting and exfil code execute first. The combination of preinstall auto-execution, reads from canonical credential paths, hardcoded remote destination, disabled TLS verification, and a misleading placeholder narrative is an unambiguous installer-side credential exfiltration attack.

Compromised versions (2)

  • 0.1.1
  • 0.1.0

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.