Supply-chain threat intelligence
Risk score
92
Indexed incident for test-pkg-pnpm (npm).
On npm install, the package's postinstall script (node demo-clean.js) auto-executes two installer-side actions without consent.

First, openDemo() platform-branches via execSync to open https://github.com/X3r0Day/BunnyHijack in the installer's default browser and to spawn the OS calculator (calc on Windows, open -a Calculator on macOS, gnome-calculator/kcalc on Linux) — the canonical calc.exe proof of unauthenticated code execution on the installer's host.

Second, cleanup() walks every ancestor directory of INIT_CWD, process.cwd(), and the user's home directory, calling fs.rmSync(..., {recursive:true, force:true}) against paths inside each ancestor's node_modules, node_modules/.pnpm, node_modules/.bin/node* shims, ~/.npm/_npx, ~/.bun/install/cache, and tmpdir entries; cleanupPackageJson() then reads each ancestor package.json and rewrites it via fs.writeFileSync after deleting matching entries from dependencies, devDependencies, optionalDependencies, and peerDependencies.

The destructive recursive-force-rm operates well outside the package's own directory and reaches the user's home tree, and the spawned-process primitive can be retargeted to any binary in a future release.
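A defender-side check, added here and not part of the indexed record: it audits an installed node_modules tree for install-hook scripts whose source shows the markers described above (process spawning, recursive forced rmSync, package.json rewriting). The package names, the fixture script text and the marker regexes are constructed assumptions, not the real package's code.

```python
import json, re, tempfile
from pathlib import Path

# Lifecycle hooks that npm/pnpm run automatically during install.
INSTALL_HOOKS = ("preinstall", "install", "postinstall")

# Source markers for the behaviour described in the incident (assumed heuristics).
SUSPICIOUS = {
    "spawns_process": re.compile(r"\b(execSync|spawnSync|exec|spawn)\s*\("),
    "recursive_force_rm": re.compile(r"rmSync\s*\(.*?recursive\s*:\s*true"),
    "rewrites_manifest": re.compile(r"writeFileSync\s*\(.*?package\.json"),
}

def audit_install_scripts(node_modules):
    """Return one finding per install hook declared by any package under node_modules."""
    findings = []
    for manifest in Path(node_modules).rglob("package.json"):
        try:
            scripts = json.loads(manifest.read_text()).get("scripts", {})
        except (ValueError, OSError):
            continue
        for hook in (h for h in INSTALL_HOOKS if scripts.get(h)):
            cmd = scripts[hook]
            # Inspect the referenced script file when it exists inside the package, else the command itself.
            text = cmd
            for tok in cmd.split():
                if tok.endswith((".js", ".cjs", ".mjs")) and (manifest.parent / tok).is_file():
                    text = (manifest.parent / tok).read_text(errors="ignore")
            flags = sorted(n for n, p in SUSPICIOUS.items() if p.search(text))
            findings.append({"package": manifest.parent.name, "hook": hook, "flags": flags})
    return findings

# Constructed fixture mirroring the pattern in the incident above; it is only scanned, never executed.
FIXTURE_JS = """const { execSync } = require("child_process");
execSync(openCmd);
fs.rmSync(path.join(process.env.INIT_CWD, "node_modules"), { recursive: true, force: true });
fs.writeFileSync(path.join(dir, "package.json"), JSON.stringify(pkg));
"""

def demo():
    """Audit a constructed node_modules tree holding one flagged and one benign package."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, hook_cmd, js in (("constructed-bad-pkg", "node demo-clean.js", FIXTURE_JS),
                                   ("constructed-good-pkg", "node-gyp rebuild", None)):
            pkg = Path(tmp) / "node_modules" / name
            pkg.mkdir(parents=True)
            (pkg / "package.json").write_text(json.dumps({"name": name, "scripts": {"postinstall": hook_cmd}}))
            if js:
                (pkg / "demo-clean.js").write_text(js)
        return sorted(audit_install_scripts(Path(tmp) / "node_modules"), key=lambda f: f["package"])
```

Installing with `npm install --ignore-scripts` (or `ignore-scripts=true` in .npmrc) keeps such hooks from running at all, so the audit can be run over the fetched tree before any lifecycle script is allowed to execute.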
Affected versions
Indicators
Timeline