Which versions of metrics-probe-dc85 are malicious?

The following npm versions of metrics-probe-dc85 are flagged malicious: 1.0.0. Treat any of these as compromised.

How do I remediate metrics-probe-dc85 if I installed it?

Remove metrics-probe-dc85 from your project and lockfile, then assume any secrets accessible to the build or runtime were exposed: rotate API keys, tokens, and credentials, and audit for unexpected outbound network activity or persistence. Use O3 Security's dependency scanner to confirm the package and its artifacts are fully purged across your stack.

Is metrics-probe-dc85 part of a known attack campaign?

Yes — metrics-probe-dc85 is associated with the IN-MAL-2026-006901 campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

Can O3 Security detect metrics-probe-dc85 in my codebase?

Yes. O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, blocking metrics-probe-dc85 and packages like it before any post-install script runs.

Malicious package

metrics-probe-dc85npm

Malicious code in metrics-probe-dc85 (npm) Remove it immediately and rotate any exposed credentials.

MAL-2026-5983

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

npm uninstall metrics-probe-dc85

What this malware does

On install, package.json declares postinstall: node run.js, which auto-executes run.js when the package is installed. run.js imports os, fs, http, https, and child_process, collects host identity via os.hostname() and os.platform(), reads from the local filesystem, and POSTs the gathered data over HTTP/HTTPS. The combination of automatic install-time execution, host-identity enumeration, filesystem reads, and outbound POST traffic is the canonical install-time host-fingerprinting / exfiltration pattern. Installing this package causes the installer's machine identity and local file content to be sent to a remote endpoint without consent.

Malicious versions

1 flagged

1.0.0

Indicators of compromise (SHA-256)

aaa3316d23c1a348fb5c68a36eb775ca51f90d0e44973508dd5a8ba5a139e932

Frequently asked questions

No. metrics-probe-dc85 on npm has been identified as a malicious package (version 1.0.0 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-006901

References

npmjs.com

Credits

Amazon Inspector · finder

Scan your dependencies

O3 Security blocks malicious packages like this at install time and in CI.

Supply-chain protection