Supply-chain threat intelligence
Risk score
92
Indexed incident for ls-env-config (npm).
Package declares a preinstall script (node./index.js) that fires automatically on npm install. The executed index.js issues an HTTP GET to a Burp-Collaborator-style subdomain at 85324cf9ac5145428803ea[...].collaborator.zivyelab.com/hello01?test=01. This confirms code execution on the installer's machine and a DNS/HTTP callback to a non-first-party host on every install, leaking host and network reachability information. The pattern is consistent with a dependency-confusion probe; regardless of stated intent, it executes on any installer and beacons to a third-party collaborator endpoint.
Affected versions
Indicators
Timeline