npm main entrypoint contains side-effecting code AFTER its last module.exports / export default — runs silently on require() and reaches a dangerous capability (install-hook bypass)
- A dist-tag (e.g. latest) was moved to this version while it was less than 1 hour old — publish-side compromise indicator
- Manifest version doesn't match any embedded version constant in the bundle — bundle may not have been rebuilt from the published manifest; review release pipeline and corroborating signals
- Install hook + shell exec + network — dropper shape (scopes may be install or runtime; install hook can transitively reach runtime caps via the postinstall entrypoint)
A dist-tag (e.g. latest) was moved to this version while it was less than 1 hour old — publish-side compromise indicator
- Dynamic code evaluation with network access — potential code injection or exfiltration
Install-time payload delivery: remote fetch + execution during install
- matched: verdict_payload_delivery_and_execution, verdict_suspicious_install_time_execution
Newly-introduced runtime execution surface (eval / shell / network) on a package published inside a coordinated burst of uninspectable ballooned bundles by the same maintainer account - stage-1 dropper precursor, failing closed
- Manifest version doesn't match any embedded version constant in the bundle — bundle may not have been rebuilt from the published manifest; review release pipeline and corroborating signals
Publisher email transitioned to a known anonymous-by-design / burner provider — account-takeover signal
- Publisher's current primary email is on a known burner / anonymous-by-design provider — ongoing hijack-shape state (persists across versions; companion to the transition signal)
Manifest version doesn't match any embedded version constant in the bundle — bundle may not have been rebuilt from the published manifest; review release pipeline and corroborating signals
- Sensitive file access with network egress — credential exfiltration pattern
- Obfuscated shell execution — concealment pattern
Sensitive file access with network egress — credential exfiltration pattern
- Obfuscated shell execution — concealment pattern
A dist-tag (e.g. latest) was moved to this version while it was less than 1 hour old — publish-side compromise indicator
- Dynamic code evaluation with network access — potential code injection or exfiltration
Import-time bundle the scanner could not fully inspect (streaming fallback on an oversized bundle) whose tarball ballooned sharply vs its last clean release and which carries a runtime execution / exfil surface (eval / shell / network) - uninspectable runtime payload, anomalous for this lineage, failing closed
npm main entrypoint contains side-effecting code AFTER its last module.exports / export default — runs silently on require() and reaches a dangerous capability (install-hook bypass)
Sensitive file access with network egress — credential exfiltration pattern
Payload delivery from suspicious source: IOC URL + execution capability
- Dynamic / forked-detached shell paired with code obfuscation — runtime dropper attribution (no install hook required)
- Bulk env-var sweep + shell exec at runtime — credential-stealer
- Bulk env-var sweep (cap-bulk-env-access reads ALL of process.env) + outbound network — credential-stealer
- Dynamic eval + network + shell exec — dropper trio (arbitrary code execution, exfiltration channel, OS access)
- Sensitive file access with network egress — credential exfiltration pattern
- Obfuscated shell execution — concealment pattern
- Dynamic code evaluation with network access — potential code injection or exfiltration
Subprocess executes the body of a network response — fetch-and-exec trapdoor (no validation between fetch and exec; cap-fetch-and-exec dataflow)
- matched: fetch_and_exec_present, verdict_runtime_payload_delivery
Payload delivery from suspicious source: IOC URL + execution capability
Install hook sends traffic to flagged target (raw IP / paste site / tunnel) — dropper
- A dist-tag (e.g. latest) was moved to this version while it was less than 1 hour old — publish-side compromise indicator
- Manifest version doesn't match any embedded version constant in the bundle — bundle may not have been rebuilt from the published manifest; review release pipeline and corroborating signals
Payload delivery from suspicious source: IOC URL + execution capability
- Dynamic / forked-detached shell paired with code obfuscation — runtime dropper attribution (no install hook required)
- Obfuscated shell execution — concealment pattern
A dist-tag (e.g. latest) was moved to this version while it was less than 1 hour old — publish-side compromise indicator
- Manifest version doesn't match any embedded version constant in the bundle — bundle may not have been rebuilt from the published manifest; review release pipeline and corroborating signals
- Dynamic code evaluation with network access — potential code injection or exfiltration