OSV-MAL-2026-5737

Malicious code in postcss-minify-selector-parser (npm)

--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (957f5cbb74f4dd4b4770e8c9cc1a8aac88a4450cb01dbc0fa5242c42e343f54c) The package name impersonates the widely-used postcss-selector-parser library (which it also declares as a dependency and re-exports verbatim from src/selector-parser.js, providing cover for installers who mistype the real package). On top of that legitimate re-export, the package ships a sealed AES-GCM ciphertext as DEFAULT_FINAL_ENCODED_TEXT in src/config/defaults.js together with a hardcoded passphrase (`default-dev-passphrase`) and salt. src/pipeline/custom-codec-pipeline.js line 53 decrypts the blob and evaluates the cleartext via `new Function("require", runnable)(require)`, handing the decrypted code full `require` capability on the installer's machine. This decode-and-eval path is reachable through the package's exported `run` / `decodeAndRunPlain` / `runDefaultDecodedFunction` API, through `require('postcss-minify-selector-parser/cjs-runner')`, and through the bundled `runtime/lib.min.js` and `scripts/cjs-runner.js`. The README documents none of this — it presents the package as a CSS selector parser. The combination of typosquat name, hidden encrypted payload, multi-layer custom codec pipeline (position-unit-codec + encode-decode-codec + AES-GCM) used solely to wrap that payload, and direct `new Function(require)` execution of the decrypted bytes is the canonical opaque-blob-eval supply-chain attack shape. Author field is empty, no repository URL is declared, license is generic ISC.