npm · Malicious package advisory
Malwarepino-zod
MAL-2026-6505
Malicious code in pino-zod (npm)
Details
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (92ceffaf94fc190f70c18587857f2f0a674a9699512eec79f5cf738eefaa54ca) Package advertises itself as a pino+zod logging helper but ships content that does not match that purpose: a `dist/discordRelayUpload.js` module containing POST/upload code paths and base64 buffer handling, a `dist/relayServer.js` module, a `dist/secretScan/` tree (agentStartupAudit.js, contentScanner.js) that performs fetches against huggingface.co, a `dist/hfCredentials.js` with base64 decoding, a `dist/deploymentDefaults.js` with multiple base64 buffers, and a `scripts/postinstall-agent.mjs` containing GET/ping/id patterns. The presence of a `postinstall-agent.mjs` under `scripts/` is concerning as a possible install-time agent, and the shipped relay/upload/secret-scan modules suggest behavior far outside the declared logging-library scope. However, without traced execution context confirming whether postinstall-agent.mjs is actually invoked by a lifecycle hook, where the base64 blobs decode to, and whether the Discord/HuggingFace endpoints carry installer data outward, the intent cannot be conclusively classified. Routing to human review for inspection of package.json lifecycle hooks, the contents of deploymentDefaults.js base64 payloads, and the data flow into the Discord upload and HuggingFace fetch paths. ## Source: ghsa-malware (d57b4e49a62a8ca174c6c14820e5b101d042e3aea94438df19f9b12286a7cf30) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.
Compromised versions (2)
- 1.0.122
- 1.0.121
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.