malware npm

@logdna-web/styles

discovered 2026-07-13

Dependency-confusion lookalike impersonating the @logdna-web (LogDNA/Mezmo lookalike) internal/private npm namespace. package.json preinstall auto-installs @sentry/node then runs bundled examples/verify.js -> src/index.js at npm install time: resolves the host public egress IP via Cloudflare /cdn-cgi/trace (spoofed desktop UA), then deliberately triggers and captures a runtime exception with sendDefaultPii: true to beacon host telemetry (public IP + hostname, OS username, runtime/env metadata) to attacker Sentry project 4511632708141056 on o4510485815754752.ingest.us.sentry.io. Published 2026-07-06 by npm user click2ai ([email protected]). OSV malicious range introduced "0" (entire package malicious from first publish).

Threat types

dependency_confusion data_exfiltration

Malicious versions

  • 0

Campaigns

Indicators

Techniques

Read the full analysis →