Snyk security researcher deploys malicious NPM packages targeting cursor.com

What Snyk Did and Cursor’s Response

  • Snyk researcher published several NPM packages named after Cursor’s bundled extensions.
  • Packages contained minimal code but exfiltrated username, hostname, working directory and eventually full environment variables to a remote server.
  • A Cursor developer states Cursor never published those extension names to any registry, did not commission Snyk, and considers the move “pretty irresponsible.”
  • Snyk staff in the thread and in a linked blog position this as security research into dependency‑confusion attacks, claim no malicious intent, and say no vulnerable behavior was found.

Ethics, Legality, and “Security Research”

  • Many argue this crosses from white‑hat into grey/black‑hat:
    • No authorization from Cursor.
    • Public ecosystem used as the testbed, potentially impacting any developer.
    • Exfiltrating full environment variables is seen as unnecessary for a PoC and likely illegal in some jurisdictions.
  • Others note incentives in bug‑bounty culture: reports without demonstrable impact often get ignored or underpaid, pushing researchers to collect real secrets.
  • Several emphasize that “offensive research” should be done in isolated test environments, not in production ecosystems.

Trust, Geopolitics, and Founders’ Backgrounds

  • Multiple comments highlight that Snyk was founded by veterans of an Israeli intelligence unit.
  • Some participants say this alone justifies avoiding their products (comparing to distrust of Chinese/Russian tech).
  • Others argue that:
    • Many countries’ veterans work in infosec.
    • Individuals shouldn’t be judged solely by nationality or prior mandatory service.
  • Thread devolves at points into broader debates about Israel, state surveillance, and boycotts of Israeli tech.

NPM, Dependency Confusion, and Supply Chain Risk

  • Discussion revisits dependency‑confusion attacks and NPM’s global namespace problems.
  • Suggestions:
    • Use scoped packages (@company/pkg), private registries, or internal mirrors.
    • Vendor dependencies into source control or maintain internal mirrors for auditing diffs.
  • Broader concern that NPM and other ecosystems (Python, NuGet) are rife with malicious or low‑quality packages and that systematic protection is weak.
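
Added example, not code from the thread or from any project it mentions: one way to check the scoped-package and private-registry suggestions above is to audit package-lock.json and flag any internal name that was resolved from somewhere other than the internal registry. The registry URL, the @acme scope, the acme-build-tools name and the sample lockfile are assumptions constructed for illustration.

```javascript
// Assumed values for illustration; replace with your organization's own.
const INTERNAL_REGISTRY = "https://npm.internal.example/";
const INTERNAL_SCOPES = new Set(["@acme"]);
const INTERNAL_NAMES = new Set(["acme-build-tools"]); // unscoped, in-house only

// "node_modules/a/node_modules/@s/b" -> "@s/b"
function packageName(lockKey) {
  const marker = "node_modules/";
  const i = lockKey.lastIndexOf(marker);
  return i === -1 ? lockKey : lockKey.slice(i + marker.length);
}

// Compare origins, not string prefixes, so a lookalike host such as
// "npm.internal.example.lookalike.test" is not accepted as internal.
function isInternalUrl(resolved) {
  try {
    return new URL(resolved).origin === new URL(INTERNAL_REGISTRY).origin;
  } catch {
    return false; // missing or non-URL "resolved" field
  }
}

function auditLockfile(lock) {
  const findings = [];
  for (const [key, entry] of Object.entries(lock.packages || {})) {
    if (key === "" || entry.link) continue; // root project, workspace links
    const name = packageName(key);
    const scope = name.startsWith("@") ? name.split("/")[0] : null;
    const internal = INTERNAL_SCOPES.has(scope) || INTERNAL_NAMES.has(name);
    if (internal && !isInternalUrl(entry.resolved)) {
      findings.push({ name, version: entry.version, resolved: entry.resolved || null });
    }
  }
  return findings;
}

// Constructed sample lockfile (lockfileVersion 3 layout), not real data.
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  "": { name: "app", version: "1.0.0" },
  "node_modules/@acme/auth": { version: "2.1.0",
    resolved: "https://npm.internal.example/@acme/auth/-/auth-2.1.0.tgz" },
  "node_modules/acme-build-tools": { version: "99.0.0",
    resolved: "https://registry.npmjs.org/acme-build-tools/-/acme-build-tools-99.0.0.tgz" },
  "node_modules/@acme/ui": { version: "1.0.0",
    resolved: "https://npm.internal.example.lookalike.test/@acme/ui/-/ui-1.0.0.tgz" },
  "node_modules/left-pad": { version: "1.3.0", resolved: "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz" },
} };

console.log(auditLockfile(SAMPLE_LOCK));
```

Run in CI against the committed lockfile, a non-empty result means an internal name was pulled from an unexpected source and the build should stop before install scripts execute.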

Developer Defenses and Workflow Changes

  • Many advocate stronger isolation:
    • Per‑project VMs/containers, LXD/LXC, devcontainers, remote dev, or separate OS users.
    • Stricter handling of API keys and .env files; concern that tools like Cursor may transmit env files to servers.
  • Some propose OS‑level controls (SELinux, namespaces) and rigorous auditing/monitoring of third‑party code as long‑term mitigations.