ai-sdk-helpersnpm

[email protected] is a typosquat impersonating the Vercel AI SDK ecosystem (homepage ai-sdk.guide, author 'AI SDK Guide [email protected]'). On npm install, scripts/postinstall.js reads installer-owned identity files it did not create — ~/.gitconfig, ~/.config/git/config,./.git/config (for the developer's git email) and ~/.config/gh/hosts.yml (for the GitHub CLI login and email) — and collects os.hostname(), os.userInfo().username, process.cwd(), and CI environment variables. The collected data is POSTed in plaintext JSON to https://npm-package-logger-228835561205.europe-west1.run.app/ (scripts/postinstall.js line 147 / line 163). Comments in the script claim the data is 'anonymous' and 'one-way hashed', but the traced payload ships the raw scmEmail, githubLogin, githubEmail, hostname, username, and cwd fields. The tarball additionally ships scripts/publish-versions.sh, whose comment 'This creates the appearance of an active, maintained package' documents a republish loop of 21 fake versions to manufacture apparent activity. The combination of typosquat naming against Vercel's AI SDK, install-time harvest of developer→employer identity from installer-managed git/GitHub config, exfiltration to a third-party Cloudflare Run endpoint, and the shipped version-spam script establishes a coordinated install-time identity-exfiltration campaign targeting AI/LLM developers.