Malicious package

xy-shared (npm)

Malicious code in xy-shared (npm). Remove it immediately and rotate any exposed credentials.

MAL-2026-5746
Immediate action
Remove the package, then rotate any secrets the build/runtime could reach.
npm uninstall xy-shared

What this malware does

package.json wires both preinstall and postinstall to node callback.js, so the script runs automatically on npm install. callback.js collects username, uid/gid, hostname, home directory, cwd, local network interfaces, and the external IP (fetched from api.ipify.org). It enumerates CI metadata (GITHUB_REPOSITORY, GITHUB_ACTOR, GITLAB_USER_LOGIN, JENKINS_URL, BUILD_NUMBER, etc.) and probes the environment for the presence of AWS_ACCESS_KEY_ID, GITHUB_TOKEN, NPM_TOKEN, and DOCKER_PASSWORD.

The aggregated JSON is POSTed to a hardcoded Discord webhook (discord.com/api/webhooks/1515440532359352331/...). A secondary covert channel base64-encodes the package name, username, hostname, and a timestamp into a DNS subdomain and issues a dns.resolve query, so the data still leaks when HTTP egress is restricted.

The package is published at version 999.0.0 under a generic shared-library name — the canonical dependency-confusion shape designed to outrank internal xy-shared packages in resolvers that mix public and private registries. Self-described 'PoC' framing does not change the installer-side impact: any build that resolves this package leaks identity and CI-secret-presence flags to an attacker-controlled endpoint.

Malicious versions

1 flagged
999.0.0

Indicators of compromise (SHA-256)

d631443367624273d8b7d3347b2e173a72f3f7447424f25424dab8e68c4b1a25
dce85557643b0c4f8c9657100700bfb7ba8384da7bbc6ef44b907edf3b5db11e

Frequently asked questions

Is xy-shared safe to install?

No. xy-shared on npm has been identified as a malicious package (version 999.0.0 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-006364
IN-MAL-2026-006365

Credits

  • Amazon Inspector · finder
