astronpm
Malicious code in astro (npm) Remove it immediately and rotate any exposed credentials.
What this malware does
This tarball is published as [email protected] but does not match the legitimate withastro/astro project (which is on the v5.x line and depends on picocolors, debug, and @astrojs/markdown-remark). The package.json declares dependencies on typosquat-shaped names on the same registry: piccolore, obug, and @astrojs/markdown-satteri. Core modules import these look-alikes unconditionally — dist/core/logger/node.js contains import { createDebug, enable as obugEnable } from "obug" and dist/cli/infra/piccolore-text-styler.js contains import colors from "piccolore" — so any require('astro') or CLI invocation causes those attacker-controlled packages to be resolved and executed inside the installer's node_modules tree. The version jump from the real 5.x line and the substitution of the standard utility dependencies with lookalike names indicate a registry impersonation of the astro framework, structured as a dependency-chain dropper.
Malicious versions
Indicators of compromise (SHA-256)
Detection & response playbook
TyposquatFind it
Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for astro (version 7.1.0). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging astro across your stack and pipelines.
If you installed it — respond
astro is a typosquat — you almost certainly intended a legitimately-named package. Remove astro, install the correct package, and rotate any secrets exposed during the install since post-install scripts may have already run.
Did it already run?
If astro was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.
How O3 protects you
O3 blocks astro before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.
Frequently asked questions
Campaign
References
Credits
- Amazon Inspector · finder
Detect & block this
O3 blocks astro-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the malicious outbound activity and severs the channel.