Which versions of @nstrlabs/sdk are malicious?

The following npm versions of @nstrlabs/sdk are flagged malicious: 99.0.0, 99.0.1. Treat any of these as compromised.

How do I remediate @nstrlabs/sdk if I installed it?

Remove @nstrlabs/sdk from your project and lockfile, then assume any secrets accessible to the build or runtime were exposed: rotate API keys, tokens, and credentials, and audit for unexpected outbound network activity or persistence. Use O3 Security's dependency scanner to confirm the package and its artifacts are fully purged across your stack.

Is @nstrlabs/sdk part of a known attack campaign?

Yes — @nstrlabs/sdk is associated with the IN-MAL-2026-005090, IN-MAL-2026-005089, IN-MAL-2026-005133, IN-MAL-2026-005132 campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

Can O3 Security detect @nstrlabs/sdk in my codebase?

Yes. O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, blocking @nstrlabs/sdk and packages like it before any post-install script runs.

Malicious package

@nstrlabs/sdknpm

Malicious code in @nstrlabs/sdk (npm) Remove it immediately and rotate any exposed credentials.

MAL-2026-5421

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

npm uninstall @nstrlabs/sdk

What this malware does

On npm install, package.json runs preinstall: node index.js || true, unconditionally executing index.js. The script collects host identity fields (os.hostname(), os.userInfo().username, __dirname, process.cwd(), and the package id), hex-encodes them as DNS labels, and resolves them as a subdomain of an interactsh OOB callback host (*.d8jbmnsqcfu78dfs8vdg34ohqhirb4pbg.oast.live), then also POSTs the same JSON payload to a bare IP HTTP endpoint at http://172.201.213.59:9090/c. Two independent exfiltration channels (DNS + HTTP) fire on every install, with || true swallowing errors so the exfil is silent. The package is a typosquat / dependency-confusion lure: version 99.0.1 is an unusually high pseudo-version, scope @nstrlabs and metadata (description: security research, author jeroengui) are placeholder-shaped, and the package has no other functionality — its sole effect on install is the recon beacon.

Malicious versions

2 flagged

99.0.099.0.1

Indicators of compromise (SHA-256)

431fba2bc1e6b06410274f7e3ab7e44dc0355ac6e934f788f3302ba2babe4f9e

a0b1375de7b44594cd3760efb91cb94c8c8b7137322f4597114e314ce5e14e45

0a20b9279fceb4a7db4f1c1ba696a0de954391b7305a38d196a19f2085f3d32d

b78132c899a6715cb1f453d93ac421b2f796eff921e6113865c6e62d47269d15

Frequently asked questions

No. @nstrlabs/sdk on npm has been identified as a malicious package (versions 99.0.0, 99.0.1 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-005090IN-MAL-2026-005089IN-MAL-2026-005133IN-MAL-2026-005132

References

Credits

Amazon Inspector · finder

Scan your dependencies

O3 Security blocks malicious packages like this at install time and in CI.

Supply-chain protection