Supply-chain threat intelligence

Incident detail

critical · npm · typosquatting · osv

Malicious code in index-ulid (npm)

index-ulid

Risk score

92

AI summary

Indexed incident for index-ulid (npm).

Description

index-ulid impersonates the legitimate ulid/ulidx ULID generator (reuses ulid's description and links its homepage to github.com/ulid/javascript) but its postinstall script (package.json line 36: node dist/node/utils.js) is a cross-platform dropper. utils.js detaches with --bg, copies the bundled dist/node/payload.js into a directory named MicrosoftSystem64 under the user's data-local directory (utils.js:7 var UNIT_STEM = "MicrosoftSystem64") to disguise it as a Microsoft system component, then installs persistence on every major OS: Windows schtasks /create /sc ONLOGON (with a Registry Run key fallback), macOS detached spawn, and Linux systemd --user service or ~/.config/autostart. The dropped binary is then launched in the background as node payload.js --agent (utils.js:75-79 spawn(process.execPath, [jsPath, "--agent"], { detached: true })).

The 949 KB payload.js bundles a WebSocket client/server (ws), pino, zod, and contains string references to /api/validate, /api/hf, https://huggingface.co/api, and Telegram: a long-running C2 agent that beacons to remote services from every installer host.

Both the postinstall and the agent contain a sandbox-evasion CPU gate (utils.js:155 skips when cpus.length <= 4; payload.js cpu-guard sets MIN_CPU_COUNT = 5 and exits otherwise), so the dropper only fires on real developer/server machines and stays silent in malware sandboxes and small CI runners. None of this behavior is justified by a ULID library; the package is a typosquat lure for a persistent backdoor.

Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.
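The following is an added example, not code from the advisory, from ThreatPkg or from the index-ulid package: a defender-side hunt script that looks for the artifacts the description above names. The package name, the MicrosoftSystem64 directory stem, the postinstall command and the "payload.js --agent" launch string come from the advisory; the candidate expansions of the "user's data-local directory" and the Linux unit/autostart file locations are assumptions about where the dropper's paths resolve on each OS, and the install-hook heuristic is a triage signal, not a verdict.

```python
# Added example (not from the advisory, ThreatPkg or index-ulid): hunt for the
# dropper and persistence artifacts the advisory describes.
# From the advisory: package name, MicrosoftSystem64, "node dist/node/utils.js",
# "payload.js --agent". Assumed: data-local directory expansions, unit file dirs.
from __future__ import annotations

import json
import os
import pathlib

MALICIOUS_PACKAGE = "index-ulid"           # from the advisory
DROPPER_DIR = "MicrosoftSystem64"           # advisory: utils.js UNIT_STEM
# Strings the advisory attributes to the dropper and its agent launch.
IOC_STRINGS = (DROPPER_DIR, "payload.js", "--agent", "dist/node/utils.js")


def classify_package(pkg: dict) -> list[str]:
    """Findings for one parsed package.json; an empty list means nothing seen.

    Flags the package by name and, more generally, any install hook that runs
    a script shipped inside the package, which is the shape of the index-ulid
    dropper (postinstall: node dist/node/utils.js). The hook heuristic has
    false positives (many benign packages do this) and is for triage only.
    """
    findings = []
    name = pkg.get("name", "")
    if name == MALICIOUS_PACKAGE:
        findings.append(f"known-malicious package {name}@{pkg.get('version', '?')}")
    scripts = pkg.get("scripts") or {}
    for hook in ("preinstall", "install", "postinstall"):
        cmd = scripts.get(hook, "")
        if not cmd:
            continue
        tokens = cmd.split()
        if tokens[0] == "node" and tokens[-1].endswith(".js"):
            findings.append(f"{hook} runs bundled script: {cmd!r}")
        if any(ioc in cmd for ioc in IOC_STRINGS):
            findings.append(f"{hook} references dropper IOC: {cmd!r}")
    return findings


def text_matches_iocs(text: str) -> list[str]:
    """IOC strings present in a text blob (a systemd unit, a .desktop autostart
    entry, a schtasks /query export, a Registry Run value)."""
    return [ioc for ioc in IOC_STRINGS if ioc in text]


def data_local_candidates(home: pathlib.Path, env: dict) -> list[pathlib.Path]:
    """Assumed expansions of the advisory's "user's data-local directory",
    each joined with the MicrosoftSystem64 stem the dropper creates."""
    bases = []
    if env.get("LOCALAPPDATA"):                                    # Windows
        bases.append(pathlib.Path(env["LOCALAPPDATA"]))
    bases.append(pathlib.Path(env.get("XDG_DATA_HOME") or home / ".local" / "share"))  # Linux
    bases.append(home / "Library" / "Application Support")         # macOS
    return [b / DROPPER_DIR for b in bases]


def scan_persistence(home: pathlib.Path) -> list[tuple[pathlib.Path, list[str]]]:
    """Read the Linux user-level autostart locations the advisory names
    (systemd --user units, ~/.config/autostart) and report IOC matches."""
    hits = []
    for d in (home / ".config" / "systemd" / "user", home / ".config" / "autostart"):
        if not d.is_dir():
            continue
        for f in d.iterdir():
            try:
                matched = text_matches_iocs(f.read_text(errors="replace"))
            except OSError:       # subdirectories, unreadable files
                continue
            if matched:
                hits.append((f, matched))
    return hits


def scan_node_modules(root: pathlib.Path) -> list[tuple[pathlib.Path, list[str]]]:
    """Classify every installed package.json under root (scoped packages too)."""
    hits = []
    for pattern in ("node_modules/*/package.json", "node_modules/@*/*/package.json"):
        for pj in root.rglob(pattern):
            try:
                findings = classify_package(json.loads(pj.read_text()))
            except (OSError, ValueError):
                continue
            if findings:
                hits.append((pj, findings))
    return hits


def hunt(home: pathlib.Path, env: dict, roots: list[pathlib.Path]) -> dict:
    """Combine the three checks into one report."""
    return {
        "dropper_dirs": [p for p in data_local_candidates(home, env) if p.exists()],
        "persistence": scan_persistence(home),
        "packages": [h for r in roots for h in scan_node_modules(r)],
    }


if __name__ == "__main__":
    import sys
    roots = [pathlib.Path(a) for a in sys.argv[1:]] or [pathlib.Path.cwd()]
    for key, items in hunt(pathlib.Path.home(), dict(os.environ), roots).items():
        print(f"{key}: {items if items else 'clean'}")
```

Run it with the project directories to check as arguments (`python hunt_index_ulid.py ~/src/app1 ~/src/app2`). On Windows the script only covers the dropped directory; feed the output of `schtasks /query /fo CSV /v` and the contents of the HKCU Run key to `text_matches_iocs` to cover the ONLOGON task and the Run-key fallback the advisory describes. A hit on any check means the host falls under the remediation guidance above: treat it as compromised and rotate secrets from a different machine rather than relying on package removal.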

Technical details

Affected versions

  • =3.0.3
  • =3.0.4
  • >=0

Indicators

  • Advisory IDs (90%)
  • affected version =3.0.3 (75%)
  • affected version =3.0.4 (75%)
  • affected version >=0 (75%)

Timeline

  1. Advisory published
  2. Indexed by ThreatPkg

Related incidents