Which versions of eyee are malicious?

The following npm versions of eyee are flagged malicious: 1.0.0. Treat any of these as compromised.

How do I remediate eyee if I installed it?

Remove eyee from your project and lockfile, then assume any secrets accessible to the build or runtime were exposed: rotate API keys, tokens, and credentials, and audit for unexpected outbound network activity or persistence. Use O3 Security's dependency scanner to confirm the package and its artifacts are fully purged across your stack.

Is eyee part of a known attack campaign?

Yes — eyee is associated with the IN-MAL-2026-007048 campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

Can O3 Security detect eyee in my codebase?

Yes. O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, blocking eyee and packages like it before any post-install script runs.

Malicious package

eyeenpm

Malicious code in eyee (npm) Remove it immediately and rotate any exposed credentials.

MAL-2026-6189

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

npm uninstall eyee

What this malware does

On require/run, eyee auto-executes main() (package.json sets main=cdp_inject.js and the bottom of the file invokes main() unless --stop/--detach is passed). main() spawns a detached testpad.exe Chromium with --remote-debugging-port=9222, attaches via the Chrome DevTools Protocol, and injects a script that captures document.body.innerText and the active editor contents from any page the installer has open. Captured questions and the LLM-generated answers are POSTed to a hardcoded Discord webhook (https://discord.com/api/webhooks/1512503888811659355/...) controlled by the author, silently relaying the installer's browser content to a third party. The same scraped content is sent to api.groq.com under one of six hardcoded gsk_... Groq API keys bundled in cdp_inject.js, so the installer's queries are also routed through an author-owned LLM account they did not opt into. Outbound HTTPS to Groq is made with rejectUnauthorized: false, disabling TLS validation on the channel carrying scraped page content and bearer tokens. Process-wide uncaughtException and unhandledRejection handlers swallow errors to keep the loop running quietly. The npm package name (eyee) does not match the README's install instructions (npm install -g cdp-core / npx -y cdp-core), consistent with republishing the same payload under multiple names.

Malicious versions

1 flagged

1.0.0

Indicators of compromise (SHA-256)

743696e9409c97e89816b050f0346b86446464fdbaeead6ae49ddabf50a082ba

Frequently asked questions

No. eyee on npm has been identified as a malicious package (version 1.0.0 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-007048

References

npmjs.com

Credits

Amazon Inspector · finder

Scan your dependencies

O3 Security blocks malicious packages like this at install time and in CI.

Supply-chain protection