// npm package
@delorenj/pjangler
Project subsystem bootstrapper CLI
versions
3
maintainers
1
license
MIT
first publish
2026-06-01
publisher
lasertoast
tarball
4,318,482 B
AUTO-PUBLISHED·2 versions indexed·latest published 2026-06-05
// exfil path
what is read → where it shipssteals
- ● Chromium logins
- ● Slack tokens
- ● Discord tokens
- ○ system info
- ○ home dir
sends to
- ⚙ curl | bash(fetches + executes remote payload)
// offending code· @1.1.5· 3 files flagged
llm: malicious · 0.95→ Static analyzer matched curl-pipe-bash: unambiguous remote-code-execution shape in the install path.
- @1.1.5··AUTO-PUBLISHED·publisher: lasertoastheuristic 60/100static flags 10llm malicious (0.95) via fast-trackpublish-burst:3new-publisher:0dreads-env-varsreads-system-infocurl-pipe-bashpy-pip-install-runtimereads-chromium-credsreads-slack-tokensreads-discord-tokensreads-homedirchild-process-spawnpy-urllib-request
→ Static analyzer matched curl-pipe-bash: unambiguous remote-code-execution shape in the install path.
// offending code· 3 files flagged
