@common-stack/generate-plugin hijacked — PolinRider-linked RAT in two alpha releases
Sonatype disclosed on 2026-05-21 that two alpha releases of @common-stack/generate-plugin (9.0.2-alpha.21, 9.0.2-alpha.22, published ~2026-05-20–21) ship an install-time stager that pulls a second-stage RAT. Tradecraft overlaps the DPRK-linked PolinRider / Contagious Interview cluster. Package draws ~1,100 weekly downloads as a Node.js plugin scaffolding helper, so any developer machine that ran it during local install should be treated as compromised.
- Threat actor
- PolinRider (DPRK / Contagious Interview cluster)
- Detected by
- Sonatype
- Also known as
- PolinRider npm hijack · common-stack generate-plugin compromise
- Ecosystems
- npm
- Packages tracked
- 1
What happened
On 2026-05-21 Sonatype published an analysis of two compromised alpha releases of @common-stack/generate-plugin, an npm package used as a plugin / scaffolding generator in Node.js developer workflows with roughly 1,100 weekly downloads. The malicious versions 9.0.2-alpha.21 (tarball shasum b2a728333862dcc5402626f88c5cfad32d8ed16b) and 9.0.2-alpha.22 (tarball shasum d2783ec5b5cf22b85f379c04c8ddde079abb6d18) were pushed by the maintainer account common-stack (none@cdmbase.com), with 9.0.2-alpha.22 representing the latest published release on the package as of disclosure.
The attack chain is install-time: embedded code in the package executes during npm install, attempts to retrieve a second-stage payload from attacker-controlled infrastructure, and runs it on the host. Sonatype attributes the compromise to PolinRider, a DPRK-linked actor previously documented in the OpenSourceMalware PolinRider dossier and connected to the broader Lazarus / Contagious Interview / TasksJacker clusters. Attribution rests on overlapping tradecraft — file-targeting heuristics, obfuscation patterns, install-time execution, and second-stage retrieval behaviour — rather than infrastructure reuse, so treat the link as a high-confidence tradecraft signal rather than hard attribution.
Unlike the prior PolinRider tailwind-CSS typosquats (tailwindcss-style-animate, tailwind-mainanimation, tailwind-autoanimation, etc.) and the broader campaign against ~1,950 GitHub repos owned by ~1,050 maintainers tracked through April 2026, this incident is a hijack rather than a typosquat: the legitimate common-stack publisher account pushed the malicious alphas. That is a meaningful escalation. Scaffolding generators are run with elevated developer trust — they execute code by design, often outside the normal CI sandbox, and frequently against fresh project trees — making them an ideal staging point for credential and source-tree exfiltration.
GitHub Advisory Database did not have a published GHSA for the package at ingest time (2026-06-01). The npm registry still serves the two malicious tarballs at the URLs https://registry.npmjs.org/@common-stack/generate-plugin/-/generate-plugin-9.0.2-alpha.21.tgz and …-9.0.2-alpha.22.tgz, so any lockfile or proxy mirror that resolved them during the exposure window will continue to do so until npm formally removes them. CVSS 8.7 (high) per Sonatype scoring.
- Publisher:
common-stack(none@cdmbase.com). - Malicious versions present in the registry as of ingest; cleanest known release is
9.0.2-alpha.20and earlier on the9.0.2-alphaline. - Attribution: PolinRider tradecraft overlap (Sonatype). Related to the Lazarus / Contagious Interview cluster previously covered in
npm-2026-02-27-stegabin-contagious-interview.tsandmulti-2026-04-07-contagious-interview-5-ecosystems.ts, but treated separately here because Sonatype did not assert direct cluster identity.
Affected packages (1)
- npm
@common-stack/generate-plugin9.0.2-alpha.219.0.2-alpha.22
Impact
- Install-time
postinstallscript downloads and executes a second-stage RAT payload on developer / build machines - Scaffolding/generator packages are typically run with elevated trust during local development — broader access to credentials, source trees, and propagation paths than runtime-only deps
- Tradecraft overlap with PolinRider (file-targeting heuristics, obfuscation pattern, install-time execution chain) implies follow-on objectives consistent with the Lazarus / Contagious Interview clusters: SSH keys, browser credentials, crypto wallets, environment variables
- ~1,100 weekly downloads — modest blast radius, but the package sits in dev tooling rather than production deps, so most installs land on engineer workstations
- No published GHSA at ingest time (2026-06-01); confirmation rests on the Sonatype Repository Firewall detection plus direct registry verification of the two malicious tarball shasums
What to do
- 1Treat any host that installed
@common-stack/generate-plugin@9.0.2-alpha.21or9.0.2-alpha.22as fully compromised — remove the package and rebuild the workstation from a known-good image - 2Rotate every credential reachable from the affected workstation: SSH keys, GitHub PATs, npm tokens, AWS/GCP/Azure profiles, browser-stored secrets, crypto wallet seed phrases
- 3Pin
@common-stack/generate-pluginto<= 9.0.2-alpha.20or the prior stable line until the maintainer publishes a clean release and confirms the publisher account is recovered - 4Audit lockfiles, CI caches, and any internal package mirror for the two malicious version tarballs (shasums
b2a728333862dcc5402626f88c5cfad32d8ed16bandd2783ec5b5cf22b85f379c04c8ddde079abb6d18) - 5For organisations running PolinRider hunts already: cross-reference the OpenSourceMalware/PolinRider scanner IoCs and treat any host with both a
common-stackinstall and previous PolinRider indicators as a high-priority forensic target - 6Disable
postinstallscript execution by default in developer environments (npm config set ignore-scripts true) and run trusted scripts explicitly