New research has discovered over 800 packages in the npm registry that have discrepancies from registry entries, of which 18 were found to exploit a technique called obvious confusion.
The findings come from cybersecurity firm JFrog, which said the issue could be exploited by threat actors to trick developers into executing malicious code.
“It is a real threat as developers could be tricked into downloading packages that appear innocent, but whose hidden dependencies are actually malicious,” security researcher Andrey Polkovnichenko told The Hacker News.
Manifest confusion was first documented in July 2023, when security researcher Darcy Clarke discovered that discrepancies in manifest and package metadata could be weaponized to mount software supply chain attacks.
The problem arises because the npm registry does not check whether the manifest file contained in the tarball (package.json) matches the manifest data provided to the npm server during the publishing process via an HTTP PUT request to the package URI endpoint.
As a result, a threat actor could take advantage of this lack of cross-verification to provide a different manifest containing hidden dependencies that is processed during package installation to covertly install malicious dependencies on the developer’s system.
“The visible, or ‘fake,’ manifest can mislead developers and even auditing tools that rely on data available in the npm registry database,” JFrog said. “Actually the installer takes the package.json file from the tarball, which may be different from the visible one provided in the HTTP PUT request.”
The company said it identified more than 800 packages where there was a mismatch between the manifest in the npm registry and the package.json file within the tarball.
While many of these discrepancies are the result of differences or variations in protocol specifications in the script section of the package file, 18 of them are said to have been designed to exploit the apparent confusion.
One notable package in question is yatai-web-ui, which is designed to send an HTTP request to a server with information about the IP address of the machine on which the package was installed.
The results show that the attack vector appears to have never been used by the threat actors. That said, it’s critical that developers take steps to ensure packages are free from suspicious behavior.
“Since this issue has not been resolved by npm, trusting packages only as they appear on the npm website could be risky,” Polkovnichenko said.
“Organizations should introduce procedures that verify that all packages that enter the organization or that are used by their development teams are safe and reliable. Particularly in the case of obvious confusion, it is necessary that each package is analyzed to see if there is any there are hidden dependencies.”