Install scripts

in npm

The most common method for malware delivery on npm is through the install scripts which allow for arbitrary code execution on host systems. According to 2022 paper, 94% of malicious packages contained at least one install script. Read more about this attack vector in this blog post. Install scripts in transitive dependencies could be vectors of malicious code such as:

  • an attacker trying to access sensitive directories such as .ssh or .aws

  • an attacker trying to exfiltrate sensitive credentials or secrets

Last updated

© 2024 Garnet Labs