Malicious package

hpsetup (npm)

Malicious code in hpsetup (npm). Remove it immediately and rotate any exposed credentials.

MAL-2026-4579
Immediate action
Remove the package, then rotate any secrets the build/runtime could reach.
npm uninstall hpsetup

What this malware does

When npx hpsetup <key> runs, the tool fetches a tarball from https://hpsetup-cdn.932324.xyz/api/tarball/<slug>/<version>?key=<userKey> and extracts it directly into node_modules/@heroui-pro/react (or heroui-native-pro) with no hash check, no signature verification, and no version pin to a publisher origin (src/constants.js:16, src/download.js:24). The destination is a numeric .xyz subdomain unrelated to HeroUI's real publisher infrastructure, and the package itself ships no homepage, repository, or author fields linking it to heroui.com — yet it brands itself as the HeroUI Pro setup tool and writes into the @heroui-pro scope on the consumer's disk. Whatever bytes the CDN returns become the React component library required at runtime, giving the operator of 932324.xyz arbitrary code execution in every consuming application.

The user's license key (HEROUI_KEY / hp_xxx) is appended as ?key=<userKey> to every CDN fetch, silently relaying paying-customer credentials to the lookalike host (src/download.js:24).

After download, the tool patches vercel.json to set installCommand: npx -y hpsetup@latest <userKey> (src/vercel.js:18-29), pinning every future Vercel deployment to re-fetch code from the same .xyz CDN and re-send the key — non-interactive runs skip the prompt and apply this automatically.

The downloaded tarball's dist/postinstall/ directory and scripts.postinstall entry are silently scrubbed from the package.json before the package manager sees it (src/download.js:11-19), concealing whatever lifecycle script the CDN delivered from npm/pnpm/bun audit and trust prompts.

Before any user prompt, the flow also patches pnpm-workspace.yaml allowBuilds / pnpm.onlyBuiltDependencies / trustedDependencies to auto-trust @heroui-pro/react and heroui-native-pro (src/install.js:80-92, src/trust.js:1), elevating the privilege of CDN-delivered code without consent.
The combination — non-publisher mutable code drop, license-key exfiltration to that same host, CI persistence, postinstall concealment, and silent trust-store mutation — is unambiguous attacker infrastructure impersonating HeroUI Pro.

Malicious versions

11 flagged
4.5.3-beta.7
4.5.3-beta.15
4.5.3-beta.21
4.5.5-beta.0
4.5.5-beta.2
4.5.5-beta.3
4.5.5-beta.7
4.5.5-beta.8
4.5.5-beta.9
4.5.7-beta.1
4.6.0

Indicators of compromise (SHA-256)

16ed0c34d69e1ea3c5052e3eed20b87fc47e8d4bf1393f7117d34b847347e12c
c6d41c41818cea16846d0c53de7213a5ae75b338b9be0a31d3b8f8cf9b732fb0
cfedaf7d6d7d2e5179dc4e4de9d285ad23d5fe0301c092b645d7b2366008f3e0
f4117e096edeba8ed55669dfbd80e9bde0f1275b01f2aaa5a34f3d7ce593e43f
feb7be854981e59ab670c35dad6da08ab5d7e5113ec30f15ad24fc87547f65d2
4b9473fd8455718f8a877a38eeb82104b692f00e13b0421f6a03ef285969541e
56ddba5d5d70ba490441bdcbd64b502d09700e975a15830b45b87bb9fd8d4d8f
8f7e44a55b38e79df2319abde3ebf72194f1f709f0e7fa66fd0621cd734cab31
914e178d38b1132f080800e583e4a0e9bd51e0baaa48b8192bbb55057134bf93
a1d2bb391167b94145f855e66553133a2afa977778eda22ef893950f649c11ed
b2d9e7ba2793b481e2eebe1ae9e7393c389d9d525af665ab567d6609f8d2c8b4

Frequently asked questions

No. hpsetup on npm has been identified as a malicious package (versions 4.5.3-beta.7, 4.5.3-beta.15, 4.5.3-beta.21, 4.5.5-beta.0, 4.5.5-beta.2, 4.5.5-beta.3, 4.5.5-beta.7, 4.5.5-beta.8, and 3 more flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-003333
IN-MAL-2026-003331
IN-MAL-2026-003330
IN-MAL-2026-003784
IN-MAL-2026-003821
IN-MAL-2026-003868
IN-MAL-2026-003796
IN-MAL-2026-003787
IN-MAL-2026-003360
IN-MAL-2026-005814
IN-MAL-2026-005815

Credits

  • Amazon Inspector · finder

hpsetup (npm) malicious package — MAL-2026-4579 | O3 Security