VYPR

npm · Malicious package advisory

Malware

neural-network-scan

MAL-2026-5794

Malicious code in neural-network-scan (npm)

Details


---
_-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (898c75e5a6ae94d115820736ffd2ca4cb948f72655d5c0175a3432cec835768c)
The package ships a collect.js script that imports child_process and performs an HTTP POST carrying host identifiers (hostname referenced multiple times in the same file alongside the POST sink). This pattern — child_process + hostname collection + outbound POST in a non-functional 'scan' utility — matches the host-reconnaissance / data-exfiltration shape used by dependency-confusion and recon-beacon packages. The package name and minimal surface are consistent with a recon lure rather than a useful library. Installing or requiring this package causes installer host data to be sent to an external endpoint.

Compromised versions (4)

  • 1.0.9
  • 1.0.2
  • 1.0.8
  • 1.0.1

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.