npm · Malicious package advisory
Malwareneural-network-scan
MAL-2026-5794
Malicious code in neural-network-scan (npm)
Details
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (898c75e5a6ae94d115820736ffd2ca4cb948f72655d5c0175a3432cec835768c) The package ships a collect.js script that imports child_process and performs an HTTP POST carrying host identifiers (hostname referenced multiple times in the same file alongside the POST sink). This pattern — child_process + hostname collection + outbound POST in a non-functional 'scan' utility — matches the host-reconnaissance / data-exfiltration shape used by dependency-confusion and recon-beacon packages. The package name and minimal surface are consistent with a recon lure rather than a useful library. Installing or requiring this package causes installer host data to be sent to an external endpoint.
Compromised versions (4)
- 1.0.9
- 1.0.2
- 1.0.8
- 1.0.1
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.