Malicious package

aes-decode-runner-pro (npm)

Malicious code in aes-decode-runner-pro (npm). Remove it immediately and rotate any exposed credentials.

MAL-2026-4475

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

npm uninstall aes-decode-runner-pro

What this malware does

aes-decode-runner-pro ships an opaque 326-byte AES-GCM ciphertext (DEFAULT_FINAL_ENCODED_TEXT in src/config/defaults.js) along with a hardcoded passphrase (default-dev-passphrase) and salt (encode-npm-c-salt). The exported run() function (and runDefaultDecodedFunction() in src/pipeline/custom-codec-pipeline.js) decrypts this blob and executes the resulting string via new Function("require", runnable)(require), passing in the host's require so the decrypted code can load arbitrary Node modules (filesystem, network, child_process). The plaintext is not present in the source tree, so the actual code being run cannot be audited from the package contents. The README presents the package as an AES helper utility, but the package's primary documented entry point (pkg.run()) auto-executes hidden author-controlled code. There are no install lifecycle hooks, so npm install alone is benign; harm fires when a consumer calls the advertised run() API or runs npm start/npm test against the package. The combination of hardcoded ciphertext + hardcoded key + new Function execution sink + misleading cover-story README is the standard hidden-payload-runner shape and not a legitimate use of AES.
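
A defender-side static check for the shape described above, as an added example that is not part of the advisory or of any vendor's scanner: it flags a package whose sources together contain an opaque string blob, a decryption call, and a dynamic-execution sink. The regexes, the 200-character threshold, and the constructed sample sources (including the pbkdf2Sync line) are assumptions for illustration.

```javascript
// Added example: package-level heuristic for the hidden-payload-runner shape.
// Signal names, regexes and the 200-character threshold are assumptions.
const SIGNALS = {
  // Long base64/hex string literal: an opaque blob embedded in source.
  blob: /["'`][A-Za-z0-9+\/=_-]{200,}["'`]/,
  // Symmetric decryption or password-based key derivation (Node crypto, WebCrypto).
  decrypt: /\b(createDecipheriv|pbkdf2Sync|scryptSync)\s*\(|subtle\.decrypt\s*\(/,
  // Dynamic code execution sinks.
  sink: /\bnew\s+Function\s*\(|\beval\s*\(|\bvm\.runIn\w*\s*\(/,
  // Generated function immediately called with the host's require.
  requirePassed: /\)\s*\(\s*require\s*\)/,
};

// files: { "relative/path.js": "<source text>" }. Signals are aggregated across
// the whole package because the blob and the sink can live in different files.
function scanPackage(files) {
  const hits = {};
  for (const [path, source] of Object.entries(files)) {
    for (const [name, re] of Object.entries(SIGNALS)) {
      if (re.test(source)) (hits[name] = hits[name] || []).push(path);
    }
  }
  // Decryption alone is normal for a crypto helper; the three together are not.
  const suspicious = Boolean(hits.blob && hits.decrypt && hits.sink);
  return { suspicious, hits };
}

// Constructed sample mirroring the layout described above (never executed here).
// The blob is filler and the pbkdf2Sync line is an assumption about the KDF.
const SAMPLE_FLAGGED = {
  "src/config/defaults.js":
    'module.exports = { DEFAULT_FINAL_ENCODED_TEXT: "' + "QUJD".repeat(110) + '" };',
  "src/pipeline/custom-codec-pipeline.js": [
    'const key = crypto.pbkdf2Sync(passphrase, salt, 1000, 32, "sha256");',
    'const d = crypto.createDecipheriv("aes-256-gcm", key, iv);',
    'return new Function("require", runnable)(require);',
  ].join("\n"),
};

// Constructed benign AES helper: decrypts and returns data, no blob, no sink.
const SAMPLE_BENIGN = {
  "index.js": 'exports.dec = (k, iv, c) => createDecipheriv("aes-256-gcm", k, iv).update(c);',
};

console.log(JSON.stringify(scanPackage(SAMPLE_FLAGGED), null, 2));
console.log(scanPackage(SAMPLE_BENIGN).suspicious);
```

A hit is a triage signal for manual review of the unpacked tarball, not a verdict on its own.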

Malicious versions

10 flagged
1.0.1, 1.0.2, 1.0.3, 1.0.5, 1.0.6, 1.0.7, 1.0.8, 1.0.9, 1.0.10, 1.0.11

Indicators of compromise (SHA-256)

Frequently asked questions

No. aes-decode-runner-pro on npm has been identified as a malicious package (versions 1.0.1, 1.0.2, 1.0.3, 1.0.5, 1.0.6, 1.0.7, 1.0.8, 1.0.9, and 2 more flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-004725, IN-MAL-2026-004724, IN-MAL-2026-004729, IN-MAL-2026-004723, IN-MAL-2026-004931, IN-MAL-2026-004933, IN-MAL-2026-004930, IN-MAL-2026-005993, IN-MAL-2026-005991, IN-MAL-2026-005992

Credits

  • Amazon Inspector · finder

aes-decode-runner-pro (npm) malicious package — MAL-2026-4475 | O3 Security