npm · Malicious package advisory
Malware@ornexus/neocortex
MAL-2026-4416
Malicious code in @ornexus/neocortex (npm)
Details
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (bb66a92e1a8c414ee0c8877998a9587b7c8a4be3b9b27b76d874329a87bec5dc) On `npm install -g @ornexus/neocortex`, postinstall.js spawns install.sh (or install.ps1) which, by default, runs an `install_coderabbit` step that fetches `https://cli.coderabbit.ai/install.sh` and pipes it directly into `sh` (PowerShell equivalent on Windows). The fetch is unpinned (no version, no commit, no hash/signature verification), from a domain (`cli.coderabbit.ai`) unrelated to the package's stated publisher (ornexus / neocortex.sh), and unconditional — any compromise, DNS hijack, or content change at cli.coderabbit.ai yields arbitrary code execution on the installer's machine with the privileges of `npm install -g`. Additional aggressive lifecycle behavior compounds the concern: the same script silently `npm uninstall -g`s two other packages and removes a `neocortex-cli` binary from PATH, and it auto-registers MCP servers in the user's Claude Code config that will subsequently `npx -y <pkg>@latest` unpinned third-party packages on every Claude startup. The curl-pipe-sh from a non-publisher domain is the primary block basis; the other behaviors are unconsented mutations of installer state.
Compromised versions (2)
- 4.55.4
- 4.55.5
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.