Malicious package

checkout-signer (npm)

Malicious code in checkout-signer (npm) Remove it immediately and rotate any exposed credentials.

MAL-2026-5436
Immediate action
Remove the package, then rotate any secrets the build/runtime could reach.
npm uninstall checkout-signer

What this malware does

The package replicates the API surface of an internal Exodus package (generateMnemonicSigningKeys, signDirectPaymentMultiChain, signCapture, signRefund, signCharge, signCancelSubscription, exported from src/index.js), but each export throws an error instead of implementing the real signing logic. On npm install, src/canary.js (line 6) performs a DNS lookup and an HTTPS GET to a hardcoded serveo.net tunnel host (https://96e03fa6c292469a-172-245-86-254.serveousercontent.com/canary-install), sending the package name and version. Any organization that pulls this package from the public registry believing it to be the internal Exodus dependency reveals its install (organization and CI host identification via the DNS and HTTPS source) to the operator of the tunnel. The README claims the package performs only a DNS lookup with no data transmission, which contradicts the actual HTTPS GET with query parameters. The beacon destination is a mutable serveo tunnel pointing at a residential-style IP (172.245.86.254), i.e. operator-controllable infrastructure rather than a stable vendor endpoint. Regardless of any stated 'authorized research' framing, the structure — a divergent-API namespace-abuse shape plus an unconsented install-time beacon to a tunneling host — is the live dependency-confusion attack pattern.

Malicious versions

1 flagged
99.0.0-canary.1

Indicators of compromise (SHA-256)

b1f3068ce30a667baae76fe67d718a1586a173eeddad17eef2347aca53bb505b
f6add4dfcaaf79ce107ac8026032b47540def183a121be2266891644c90f10c8

Frequently asked questions

No. checkout-signer on npm has been identified as a malicious package (version 99.0.0-canary.1 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-005116
IN-MAL-2026-005115

Credits

  • Amazon Inspector · finder


checkout-signer (npm) malicious package — MAL-2026-5436 | O3 Security