MalwareTips
Security Review

Is corepack.org legit or a scam?

Our verdict:Suspicious· 45/100

An unofficial impersonation of the Node.js Corepack tool that uses AI-generated imagery and has been publicly disowned by the official project maintainers.

Top reasons
Official project maintainers have publicly labeled this domain as a fake site.The site uses AI-generated imagery with visual distortions to mimic a professional tech brand.Significant typographical errors are present in the primary navigation menu.
corepack.orgScanned 1h ago
Post Facebook
0
Trust score
SUSPICIOUS
Heuristics 55·MT 40
Category tags
technologysoftware documentation#clone site90% MT confidence

These checks passed — but they don't clear the site. A clean antivirus result, valid SSL, and a calm server only mean it isn't hosting malware; they say nothing about whether the business is real. This verdict is based on the site's conduct and content, not a malware detection.

View density

Analysis Summary

Threat Intelligence
0/92
All engines report clean
Domain Age
5 months old
Registered Jan 25, 2026
MT Intelligence
Suspicious
Moderate likelihood · 90% confidence
SUSPICIOUS

Possible brand impersonation

An unofficial impersonation of the Node.js Corepack tool that uses AI-generated imagery and has been publicly disowned by the official project maintainers. The page looks styled like a known brand but may not be authentic. Check the URL carefully and navigate to the brand's real site before signing in or paying.

Website Preview

Screenshot of corepack.org
LIVE RENDER
corepack.org
1Visual risk score 75/100

Automated page render — captured in a safe sandbox. What an ordinary visitor would see when loading the site. See full visual analysis →

Visual Screenshot Analysis

We capture a fresh screenshot of the live page and ask a vision model to look for scam visual patterns — fake trust badges, countdown timers, overlay pop-ups, and visual clones of legitimate brands.

75
/ 100
Critical visual risk

Visual red flags detected in the screenshot

The site exhibits several red flags including significant typos in the primary navigation and the use of generic AI-generated imagery to impersonate a legitimate developer tool.

Visual risk75/100

What our vision model saw

6 signals

Typographical error in navigation menu: 'Downlaod' instead of 'Download'

Use of generic AI-generated hero imagery featuring distorted characters and nonsensical tech elements

Branding 'Corepack' mimics the name of a legitimate Node.js tool but uses an unrelated, unofficial logo

Prominent 'Download Free' call-to-action button for a tool that is typically a built-in command-line utility

Unprofessional design with inconsistent spacing and generic layout patterns

Misuse of industry logos (Docker, npm, Yarn) in a stylized, non-standard artistic background

MT Intelligence

Advanced threat intelligence
MT Security Analyst
Moderate scam likelihoodengineMT · Guardiantrust40/100
MT AgentLive web researchVisual inspectionNetwork correlation
0%
Confidence
The domain imitates the branding and purpose of the official Corepack utility, which is actually a built-in part of Node.js. Our analysis found that the official project maintainers on GitHub have explicitly labeled this site as fake and warned users to ignore it. The page features several red flags, including significant typos like 'Downlaod' in the main menu and the use of distorted, AI-generated hero images. While the site currently presents as an informational blog, its lack of official affiliation and the presence of suspicious external ad network connections suggest it is used for SEO hijacking or affiliate marketing. There is no verifiable business registration or contact information provided for the operators.
Full dossier
Analysis complete

Page Content

The site provides documentation and FAQs for Corepack, a tool used to manage Yarn and pnpm versions. However, the content includes nonsensical sections about 'yarn bombing' and 'core yarn' that are irrelevant to the actual software. The visual design is unprofessional, featuring a 'Download Free' button for a tool that is typically pre-installed with Node.js.

Infrastructure

The site is hosted on a low-reputation IP address and loads scripts from several third-party ad and tracking networks. While it uses a valid SSL certificate, the lack of any corporate identity or developer contact details is a significant risk factor for a technical resource.

Domain History

Registered 150 days ago through a retail registrar, the domain has no global traffic ranking. It has no historical association with the Node.js Foundation or the OpenJS Foundation, despite using their trademarked tool names.

Web Reputation

Official maintainers of the Corepack project have opened issues on GitHub specifically to warn the community that this domain is not owned by them. They describe the information on the site as 'outdated and irrelevant' and advise all developers to avoid using it as a reference.
Risk Factors
6
  • Official project maintainers have publicly labeled this domain as a fake site.
  • The site uses AI-generated imagery with visual distortions to mimic a professional tech brand.
  • Significant typographical errors are present in the primary navigation menu.
  • No physical address, phone number, or official contact email is provided.
  • The site loads scripts from multiple external ad-tracking and performance networks.
  • The domain is relatively new (150 days) and lacks any verifiable business registration.
Positive Signals
2
  • Our antivirus network currently shows no active malware detections.
  • The site uses a valid SSL certificate for encrypted connections.
AI Recommendation
Avoid using this site for technical documentation or software downloads. Use the official Node.js website or the project's GitHub repository for verified information.
Next-gen fraud intelligence
Evidence-backedCross-checked

Web Research Findings

Our live research agent queries scam-report databases, consumer-review sites, news coverage, and general web search for corepack.org, then cross-checks business-registration records and look-alike domain patterns. Everything below is pulled from what it actually found.

Domain age
5 months
Registered Jan 2026
Business registration
No public record found
Could not match the site to a registered company — common for small sites.
Clone check
Clones nodejs.org
The page impersonates a well-known brand's site.
Typosquat check
No look-alike match
The domain doesn't resemble any well-known brand's spelling.
Web mentions
2 scam reports · 1 complaint
Key findings
7 headline facts from open-web research
  • corepack.org is a 150-day-old domain presenting detailed documentation, tutorials, and FAQs on Corepack, the official Node.js tool for per-project package manager (Yarn, pnpm, npm) version management.
  • The site claims Corepack is "bundled with modern Node.js" and provides setup guides, but includes no links to official GitHub, nodejs.org, or author information.
  • Its disclaimer page states the content is for educational purposes only, contains an affiliate marketing disclosure, explicitly says "We are not affiliated with or endorsed by any official organization unless explicitly stated," and disclai
  • GitHub issues in the official nodejs/corepack repo label the site as "fake" and note it is "not owned by the nodejs organization and it should be ignored" as it contains outdated/irrelevant information.
  • No business registration, contact details, or verifiable owner found. Searches for reviews, Trustpilot, ScamAdviser, or user complaints returned no significant additional results beyond the GitHub mentions.
  • Page content includes some odd/out-of-place FAQs (e.g., about "core yarn" or "yarn bombing"), consistent with a content/affiliate site rather than official documentation.
  • No evidence of malware, phishing, crypto scams, or direct fraud found; appears to be an unofficial informational/SEO site capitalizing on the popular open-source tool name.
Scam reports (2)
Direct quotes from public scam databases, forums, and news.
  • GitHub (nodejs/corepack)open

    "Fake https://corepack.org site · Issue #803"

  • GitHub (nodejs/corepack)open

    "https://corepack.org contains outdated & irrelevant information. It is not owned by the nodejs organization and it should be ignored."

Impersonation / typosquat
Clone of nodejs.org

Site heavily uses the name and describes the official Node.js-bundled Corepack tool (for managing Yarn/pnpm/npm versions) but has a standard disclaimer explicitly stating it is not affiliated with or endorsed by any official organization. Official project is at github.com/nodejs/corepack with docs on nodejs.org.

Research summary
Narrative write-up from our AI analyst, grounded on the facts above
Our research uncovered specific warnings from the official Node.js development community on GitHub. Maintainers have explicitly stated that corepack.org is not owned by the Node.js organization and contains irrelevant information. No business registration or legal entity could be found for the site, and its own disclaimer admits it has no official affiliation with the tools it describes.

Scam Network Intelligence

Cross-site correlation

This site shares signals with a broader cluster

Moderate correlation

Many scams don't operate alone. We correlate third-party scripts, hosting infrastructure, brand-impersonation signals, and the AI evidence package to detect when a site is part of a broader scam network.

Suspicion score
0/100
ClearLowModerateHighCritical
Evidence (1)
  • Evidence confirms this site is a clone of nodejs.org.
Linked signals (1)
Clone of nodejs.org

Antivirus Engines

Clean pass · verified
Clean across 92 engines

We cross-check every URL against our antivirus network of 92 malware and blacklist engines. None of them flagged this URL in the last scan.

0Malicious0Suspicious58Harmless92Engines
Clean
Kaspersky
Clean
Bitdefender
Clean
Microsoft
Not in pass
ESET-NOD32
Not in pass
Avira
Not in pass
Sophos
Clean
Fortinet
Clean
Google Safebrowsing
Clean
Emsisoft
Clean

No engine detections. The URL passed every antivirus and blacklist engine we queried in this scan. Stay vigilant — AV coverage is only one signal among many.

Security Scans

Blacklist Check
Not flagged on major threat lists

Checked against the major public blocklists used by browsers and security tools — no hits.

Contact Verification

We fetched the page and looked for real-world contact details. Legitimate businesses almost always publish an email on their own domain, a phone number, and a postal address. Scam shops usually don't.

What We Found
No clear contact details on the page
Emails on site's domainNone
Phone numbersNone
Postal addressNot listed
Linked social profiles0
Signal Summary
Several contact red flags
  • No contact email found anywhere on the page.
  • No phone number listed on the page.
  • No postal address visible on the page.

Domain & Encryption

Domain History
Age5 months old
RegistrarSpaceship, Inc.
RegisteredJan 25, 2026
ExpiresJan 25, 2027
Owner privacyVisible
Encryption Certificate
StatusValid
ProtocolTLSv1.3
IssuerLet's Encrypt · YR1
ExpiresSep 2, 2026 (68d)
Self-signedNo
Hosting & Technology
HostingPsychz Networks
Server locationUS
Web serverLiteSpeed
Platform / CMSWordPress

Redirect Chain

Hops
1
Cross-domain
No
Lookalike
No
Punycode
No
  • 1301http://corepack.org/
  • 2200https://corepack.org/

Server Reputation

Abuse Intelligence
Confidence score0%
Reports on file0
ISPPsychz Networks
Usage typeData Center/Web Hosting/Transit

Scam-Type Likelihood

1 scam-type patterns detected
Scam-Type Likelihood

1 of 13 categories showed signals

We check every URL against 13 distinct scam categories so the verdict tells you not just how risky the page is, but what kind of risk it carries. Each meter pulls from page signals, web reports, our AI analyst, vision, and the scam-network cluster — not from raw AV labels.

Top match: Brand Impersonation
Brand Impersonation
Moderate likelihood
30/100
  • AI analyst tagged this as a brand / clone-site impersonation.
  • Clustered with known brand-impersonation infrastructure.

Possible brand impersonation

This page is styled as a known brand but is not the brand's real site.

  • Treat corepack.org as unverified

    Do not enter credentials or send money until you have independently verified the business.

  • Go to the brand's real site directly

    Type the brand name into a search engine or open it from your bookmarks — don't use links from emails, SMS, ads, or social posts, which are the delivery vectors for impersonation.

  • Never download or sign in here

    Even if the page "just" offers a download or a giveaway, impersonation pages frequently deliver malware or set up follow-up phishing. Assume anything accepted from this site is hostile.

  • Report the impersonation to the brand

    Most major brands have a dedicated abuse or anti-phishing reporting channel — reporting helps them take the site down and protects other users.

    Open

Reputation Sources

How this domain rates across independent threat-intelligence and blocklist providers.

Google Safe Browsing
Not listedCheck ↗
VirusTotal
Not listedCheck ↗
AbuseIPDB
Not listedCheck ↗
Also verify:Spamhaus ↗DNSBL / SURBL ↗PhishTank ↗

Referenced Domains

Outbound domains this page links to or loads resources from. Each links to its own security scan.

gmpg.orgfonts.googleapis.compl29852022.effectivecpmnetwork.comhighperformanceformat.compl29852019.effectivecpmnetwork.com

Safety FAQ

Common questions about this site, answered directly from the scan data above — so the answers always reflect the latest verdict on this page.

  • Our automated security review marked corepack.org as suspicious. Several warning signs were detected; it may still turn out legitimate, but you should verify it through independent channels before trusting it with money or credentials.
  • corepack.org currently scores 45/100 on our trust scale. We found enough warning signals to recommend caution. Verify the site through independent channels before entering credentials or money.
  • Yes. corepack.org presents a valid TLSv1.3 certificate issued by Let's Encrypt · YR1, expiring in 68 days. Note that SSL only encrypts the connection — it does not guarantee that the site itself is trustworthy.
  • corepack.org is 5 months old, registered on 1/25/2026 through Spaceship, Inc.. Scam domains are often freshly registered — a site under 6 months old warrants extra caution.
  • No. All 92 antivirus engines in our malware network report corepack.org as clean.
  • No. corepack.org is not currently listed on the major browser blocklist feeds that modern browsers use.
  • corepack.org resolves to an IP operated by Psychz Networks in US (usage type: Data Center/Web Hosting/Transit). Hosting location alone doesn't make a site good or bad, but unusual geography for a brand's claimed country is one of many signals we weigh.
  • This is a permanent record of the scan run on June 25, 2026. The verdict and evidence above reflect that scan and do not change on their own. If circumstances around corepack.org have changed, MalwareTips staff can run a fresh scan, which re-runs every check from scratch and publishes an updated report.

Final Verdict

0
Trust / 100
Final Verdict·corepack.org
SUSPICIOUS

This site is an unofficial clone that impersonates the official Node.js Corepack tool. While it doesn't currently distribute malware, it is flagged by the official development team as a fake site that should be ignored. Do not download files or follow technical advice from this domain.

Avoid using this site for technical documentation or software downloads. Use the official Node.js website or the project's GitHub repository for verified information.

AV engines
92
MT passes
2
Net signals
1
Scan another URL
Security review completemalwaretips.com/url-scan
Recently scanned

Other Suspicious reports

Browse all reports
Suspicioustrust51
nudeleaks.tv
51m ago
Read the review
Suspicioustrust55
sync.thecas.xyz
51m ago
Read the review
Suspicioustrust29
crm360degree.com
2h ago
Read the review
Suspicioustrust27
fileditchfiles.me
2h ago
Read the review
Suspicioustrust54
chromaapp.online
3h ago
Read the review
Suspicioustrust26
teenager365.to
3h ago
Read the review
Suspicioustrust47
wiki.lua.tools
3h ago
Read the review
Suspicioustrust46
s.dsgldf.com
4h ago
Read the review
Suspicioustrust49
d8uf15ghubcc73fc3alg.deltagrowthforge.com
4h ago
Read the review
Suspicioustrust45
wissensmanager-zh.pages.dev
4h ago
Read the review
Suspicioustrust43
k66gqq.chydront.com
4h ago
Read the review
Suspicioustrust57
browserpro.online
4h ago
Read the review
Community review

User reviews & comments(0)

Share your experience — "Lost $200 on a fake checkout" is more useful than "Scam". Your review helps others avoid traps.

Loading…
Loading comments…
This report is generated automatically by combining threat intelligence, domain signals, and an AI security analyst. It is informational, not legal advice. Always use your own judgement before sharing personal information or money online.