npm · Malicious package advisory
Malwaredisksweep
MAL-2026-6535
Malicious code in disksweep (npm)
Details
---
_-= Per source details. Do not edit below this line.=-_
## Source: amazon-inspector (31a2c10aba7f3468458529214868e2d8acd9717eb7985c47ab10cf4aed64f87c)
The package ships a 2.9 MB Windows PE32+ executable at bin/native/parser.node (sha256 b1aace6c70312a39ca39e6bba1d9abc6aaf9b23171089b1a548adc89f67f83c3) that is not mentioned in the README or CHANGELOG. src/index.js (lines 30-34) contains a loader that resolves this file via __dirname and calls process.dlopen(module, p) inside a try/catch, which would load the binary as a native Node addon with full FFI access to the host process. The README explicitly claims 'Zero runtime dependencies… nothing to audit', directly contradicting the presence of an opaque attacker-supplied native binary. The current release is dormant on most installs because the package declares ESM ('type':'module') while the loader uses CJS-only globals (require, __dirname, module), so the dlopen call throws and is swallowed — but the binary is staged on disk and a one-line patch (switching to createRequire or fileURLToPath) flips it live for every installer. Supporting weak-attribution signals: package.json repository.url points at the npm package page rather than a real source repository, bugs.url is the same placeholder, author is the generic 'disksweep contributors', and CHANGELOG documents only v1.0.0 despite the published version being 3.0.0. The combination of opaque Windows-only native binary, doc/contents mismatch ('zero dependencies' marketing), placeholder metadata hiding maintainer identity, and a pre-wired dlopen loader is the staged-native-payload pattern.
Compromised versions (2)
- 3.0.0
- 1.0.0
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.