Listen to this Post

Introduction:
A recently discovered supply‑chain attack against the npm registry highlights how easy it has become for attackers to embed information‑stealing code in seemingly harmless packages. The package, named mouse5212-super‑formatter, uses a `postinstall` script to exfiltrate all files from the `/mnt/user‑data` directory—the default workspace folder for Anthropic’s Claude AI tool—and uploads them to a GitHub account controlled by the attacker. This breach underscores the need for developers to scrutinise npm dependencies and to adopt technical controls that block malicious `postinstall` hooks before they can execute.
Learning Objectives:
- Recognise the risks of npm
postinstall,preinstall, and `install` scripts as vectors for supply‑chain malware. - Learn how to scan a project for vulnerable or malicious dependencies using both native npm commands and community tools.
- Implement safe‑install workflows and CI/CD gates to prevent execution of untrusted lifecycle scripts.
You Should Know:
- Anatomy of the Attack – How `mouse5212-super-formatter` Worked
The malicious package, which was downloaded 676 times before being taken down, relied on three core techniques: a hard‑coded GitHub token, the `postinstall` hook, and targeted file collection.
Step‑by‑Step Explanation of What the Malware Did
- Automatic execution on installation – As soon as a developer ran
npm install mouse5212-super‑formatter, the `postinstall` script defined in the package’s `package.json` was triggered. No user interaction is required for this stage. - Authentication to GitHub – The script tried to read a GitHub access token from the environment; if none was available, it fell back to a hard‑coded token that was inadvertently left inside the package. This hard‑coded credential allowed OX Security researchers to trace the exfiltration activity.
- Creating the attacker’s repository – The malware checked whether a target repository existed under a threat‑actor‑controlled GitHub account (
github.com/unplowed3584). If the repository was not present, it created one automatically using the GitHub API. - Recursive file collection – The script recursively walked through the `/mnt/user‑data` directory, reading every file it found.
- Exfiltration via base64 encoding and GitHub Contents API – Each file was read, encoded to base64, and uploaded through the GitHub Contents API. The malware stored the stolen files under a randomly named folder to help the operator distinguish different theft sessions.
- Obfuscation with fake logs – To hide its activity, the script printed a fake “network connections” log that gave the impression it was sending harmless diagnostic information.
Commands to Check for the Compromised Package
On Linux / macOS / Windows (WSL):
Check your global installed packages npm list -g | grep mouse5212-super-formatter Check a specific project's dependencies cd /path/to/your/project npm list | grep mouse5212-super-formatter Search for the package in package-lock.json grep -i "mouse5212-super-formatter" package-lock.json
On Windows (Command Prompt / PowerShell):
List global npm packages and find the malicious one npm list -g | findstr "mouse5212-super-formatter" Search inside the lock file findstr /i "mouse5212-super-formatter" package-lock.json
If the package is found, it must be removed immediately, and all tokens stored in environment variables or credential files should be treated as compromised.
2. Hardening Against Malicious `postinstall` Scripts
Because a single `npm install` can run arbitrary code on your machine, you should configure your development environment to block or audit `postinstall` hooks before they execute.
Step‑by‑Step Guide – Safe `npm install` Workflow
1. Install packages with `–ignore‑scripts`
This flag prevents npm from executing any preinstall, install, or `postinstall` scripts during the download phase.
npm install --ignore-scripts
After the packages are downloaded, you can scan them for malicious patterns (see next step).
2. Use the `repo‑safe‑scan` utility for prevention
This tool is specifically designed to block installations that contain dangerous hooks. Replace your normal `npm install` with:
npx repo-safe-install
What happens behind the scenes:
– `npm install –ignore-scripts` downloads all packages without executing hooks.
– `repo-safe-scan –include-node-modules` recursively scans every downloaded dependency for dangerous patterns (e.g., curl | bash, eval, child_process, credential exfiltration).
– If no threat is found, `npm rebuild` runs the lifecycle scripts in a controlled manner.
– If a threat is detected, the installation is blocked and the scripts never execute.
3. Run a pre‑install risk analysis with `guard‑install`
`guard‑install` analyses package metadata, download counts, maintainer information, and script content before any code is run. It also always performs an `–ignore‑scripts` installation.
npx guard-install mouse5212-super-formatter --dry-run npx guard-install express --yes
For full project auditing:
npx guard-install --audit
The tool produces a risk score from 0–100 and a human‑readable verdict (Trusted / Needs review / Risky).
- Use `typoguard` to catch typosquatting and suspicious scripts
`typoguard` scans your `package.json` and installed `node_modules` for typosquatting (e.g., `axois` instead ofaxios), dangerous `postinstall` patterns, and heuristics like very new packages or single maintainers.Install as a dev dependency npm install --save-dev typoguard Scan all dependencies in the current project npx typoguard scan . Generate a CI‑friendly JSON report npx typoguard scan . --json > typoguard-report.json
To block installations automatically, add this to your
package.json:"scripts": { "preinstall": "typoguard preinstall" }If `typoguard` detects a high‑risk threat, the `preinstall` hook will exit with a non‑zero code and stop the installation.
-
Detecting Compromised npm Packages Already in a Project
If you suspect that a malicious package has already been installed, you need to scan your existing `node_modules` tree and review your lock files.
Step‑by‑Step Incident‑Response Commands
- Run `npm audit` to identify known vulnerabilities and malware
`npm audit` checks your installed dependencies against a public database of security advisories.npm audit npm audit fix Automatically upgrade vulnerable packages npm audit fix --dry-run See what would change without modifying files
If you need to force updates that may introduce breaking changes:
npm audit fix --force
-
Scan your lock file for specific compromised packages
Tools like `check‑compromised‑npm‑packages` compare your `package‑lock.json` against a known list of compromised versions.npx check-compromised-npm-packages
For a more comprehensive scan that inspects the actual `node_modules` directory:
npx package-security-checker
3. Manually review `postinstall` scripts of suspicious packages
List all packages that define lifecycle hooks:
On Linux / macOS grep -r "postinstall" node_modules//package.json On Windows PowerShell Get-Content node_modules\package.json | Select-String "postinstall"
If a package’s `postinstall` contains suspicious commands (e.g., curl, wget, base64, eval), investigate that package immediately.
4. Remove the malicious package and clean up
npm uninstall mouse5212-super-formatter rm -rf node_modules rm package-lock.json Delete the lock file to force a clean reinstall npm install --ignore-scripts Reinstall everything safely
4. Hardening CI/CD Pipelines Against Supply‑Chain Attacks
Continuous Integration pipelines are a prime target because they often hold sensitive tokens (e.g., GitHub deployments, cloud credentials). You should configure your CI environment to ignore scripts by default and to perform a security gate before executing any build step.
Step‑by‑Step Guide for CI/CD Hardening
1. Set `NPM_CONFIG_IGNORE_SCRIPTS=true` in your CI environment
This environment variable tells npm never to run lifecycle scripts, regardless of any `package.json` setting.
export NPM_CONFIG_IGNORE_SCRIPTS=true Or on Windows (Command Prompt) set NPM_CONFIG_IGNORE_SCRIPTS=true
- Add a pre‑install security scan as a separate pipeline stage
For example, in GitHub Actions:
- name: Scan dependencies for malicious patterns run: | npx typoguard scan . --json npx guard-install --audit --ci
3. Use a private npm proxy with allow‑listing
Tools like `verdaccio` or JFrog Artifactory can be configured to cache and review packages before they are allowed into your organisation. This provides an extra layer of protection because you can block newly published packages until they are manually vetted.
- Rotate all CI secrets after any suspicious dependency event
If a pipeline has ever executed a malicious `postinstall` script, assume that every secret available in that environment (e.g.,NPM_TOKEN,GH_TOKEN,AWS_ACCESS_KEY_ID) has been compromised. Rotate them immediately.
What Undercode Say:
- Supply‑chain security is no longer optional – The `mouse5212‑super‑formatter` incident is a textbook example of how a single `postinstall` hook can steal sensitive AI project data. Developers must treat every `npm install` as a potential security boundary.
- AI lowers the bar for malware authors – The hard‑coded GitHub token and poor operational security (OPSEC) suggest that the attacker may have used an LLM to generate the code without understanding basic tradecraft. As LLMs become more powerful, we will see a flood of “sloppy malware” that nonetheless causes real damage.
Expected Output:
The malicious package `mouse5212-super-formatter` was removed from the npm registry, and the associated GitHub account `unplowed3584` was taken down. However, during the time it was active, it was downloaded 676 times, and OX Security observed several active exfiltration sessions before the repository was taken down. Developers who installed the package must revoke any GitHub or cloud tokens stored in their environment and treat all files in `/mnt/user-data` as compromised.
Prediction:
Within the next 12 months, attackers will begin using LLM‑generated code to mass‑produce typosquatted and lifecycle‑hook‑based malware across all major package registries (npm, PyPI, RubyGems, Maven Central). Package managers will be forced to introduce “safe‑by‑default” installation modes that require explicit user consent before executing any `postinstall` script. Until then, the burden of verification rests squarely on the developer, and tools like `guard‑install` and `repo‑safe‑scan` will become essential parts of every secure development pipeline.
🎯Let’s Practice For Free:
IT/Security Reporter URL:
Reported By: Hackermohitkumar Warning – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅
🎓 Live Courses & Certifications:
Join Undercode Academy for Verified Certifications
🚀 Request a Custom Project:
Secure, high-velocity infrastructure and disruptive technological engineering. Contact our engineering team for high-tier development and proprietary systems:
[email protected]


