Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

MAL-2026-10422: Malicious code in sso-users-detection (npm)

0
High
Published: 07/13/2026 (07/13/2026, 07:00:55 UTC)
Source: GCVE Database
Product: sso-users-detection

Description

The npm package sso-users-detection version 99.9.1 is identified as a hollow package with no legitimate content. Its installation causes npm to fetch and install a runtime dependency named ltdisafe from a third-party Google Cloud Storage bucket, bypassing npm registry scanning. This behavior is consistent with a dependency confusion attack designed to smuggle attacker-controlled code into the dependency tree.

Affected software

npmghsa
sso-users-detection
Affected versions
=99.9.1

Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 07/13/2026, 09:26:33 UTC

Technical Analysis

The sso-users-detection package at version 99.9.1 is a malicious npm package that acts as a dependency confusion lure. It contains no meaningful exports or metadata and uses an inflated version number. Upon installation, it pulls a runtime dependency (ltidisafe) from a raw tarball hosted on a third-party Google Cloud Storage bucket rather than the official npm registry. This external tarball and its lifecycle scripts are fully controlled by the attacker, allowing arbitrary code execution during installation. The package's design bypasses npm registry scanning, increasing the risk of unnoticed malicious code execution in projects that include it.

Potential Impact

If installed, this package causes npm to execute attacker-controlled code from an external source during the installation process. This can lead to arbitrary code execution on the developer's machine or build environment, potentially compromising the system or the software supply chain. The malicious package does not appear to have known exploits in the wild at this time.

Mitigation Recommendations

No official patch or fix is available for this package. The best mitigation is to avoid installing sso-users-detection version 99.9.1 and audit dependencies for suspicious or hollow packages. Since the malicious code is hosted outside the npm registry, reliance on npm registry scanning alone is insufficient. Developers should verify package provenance and avoid dependencies with empty metadata and unusual versioning. Monitoring for updates or advisories from npm or security vendors is recommended.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Gcve Source
db.gcve.eu
Osv Id
MAL-2026-10422
Osv Schema Version
1.7.4
Aliases
[]
Ecosystems
["npm"]
Database Specific Severity
null
Cvss Version
null

Threat ID: 6a54ad9c68715ace438f3cd7

Added to database: 07/13/2026, 09:19:24 UTC

Last enriched: 07/13/2026, 09:26:33 UTC

Last updated: 07/13/2026, 09:26:33 UTC

Views: 2

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses