malware
npm
@petitcode/eb-retry
discovered 2026-06-23
Campaign member. The decoy is a near-verbatim copy of the legitimate 'retry' package. Version 1.3.5 ships a 282 KB obfuscated payload (lib/warmup.js) that is auto-executed via the postinstall script 'node lib/warmup.js'. Dual trigger: the payload also fires at require-time, because the exported retry() in lib/index.js calls warmup.runPrepare(), so it runs the first time application code calls retry() even when postinstall is skipped with --ignore-scripts.
Threat types
credential_stealer data_exfiltration persistence typosquat
Malicious versions
- 1.3.5 · d75a372e91c4972e…