MAL-2026-5794

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/neural-network-scan/MAL-2026-5794.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-5794
Published
2026-06-15T16:22:20Z
Modified
2026-06-15T17:31:49.002490456Z
Summary
Malicious code in neural-network-scan (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (898c75e5a6ae94d115820736ffd2ca4cb948f72655d5c0175a3432cec835768c)

The package ships a collect.js script that imports child_process and performs an HTTP POST carrying host identifiers (hostname referenced multiple times in the same file alongside the POST sink). This pattern — child_process + hostname collection + outbound POST in a non-functional 'scan' utility — matches the host-reconnaissance / data-exfiltration shape used by dependency-confusion and recon-beacon packages. The package name and minimal surface are consistent with a recon lure rather than a useful library. Installing or requiring this package causes installer host data to be sent to an external endpoint.

Database specific
{
    "malicious-packages-origins": [
        {
            "id": "IN-MAL-2026-006515",
            "import_time": "2026-06-15T17:22:47.054834834Z",
            "source": "amazon-inspector",
            "versions": [
                "1.0.9"
            ],
            "modified_time": "2026-06-15T16:22:25Z",
            "sha256": "32cd34d7d848f0f64839e9fd009bc22f56f1407049fdfddfb277152fc0dc3e9b"
        },
        {
            "id": "IN-MAL-2026-006509",
            "import_time": "2026-06-15T17:22:46.677958399Z",
            "source": "amazon-inspector",
            "versions": [
                "1.0.2"
            ],
            "modified_time": "2026-06-15T16:22:20Z",
            "sha256": "8657017661f8b275b9adef62fddbdc4fce4016c571bd2a1e5dadd9eee9609a53"
        },
        {
            "id": "IN-MAL-2026-006511",
            "import_time": "2026-06-15T17:22:46.809132012Z",
            "versions": [
                "1.0.8"
            ],
            "source": "amazon-inspector",
            "modified_time": "2026-06-15T16:22:21Z",
            "sha256": "898c75e5a6ae94d115820736ffd2ca4cb948f72655d5c0175a3432cec835768c"
        },
        {
            "id": "IN-MAL-2026-006513",
            "import_time": "2026-06-15T17:22:46.932463896Z",
            "source": "amazon-inspector",
            "versions": [
                "1.0.1"
            ],
            "modified_time": "2026-06-15T16:22:22Z",
            "sha256": "91f7b1fd2b2e20022c3700412be3a333d7fd9a9728f29ba4201bfa7bdf51d68d"
        },
        {
            "id": "IN-MAL-2026-006512",
            "import_time": "2026-06-15T17:22:46.875054394Z",
            "source": "amazon-inspector",
            "versions": [
                "1.0.8"
            ],
            "modified_time": "2026-06-15T16:22:22Z",
            "sha256": "a572bf2268bcbcc67e7ef597c16a61ca3aa7a2a87377444ab4e7d48fcea32845"
        },
        {
            "id": "IN-MAL-2026-006514",
            "import_time": "2026-06-15T17:22:46.995562862Z",
            "source": "amazon-inspector",
            "versions": [
                "1.0.1"
            ],
            "modified_time": "2026-06-15T16:22:23Z",
            "sha256": "bdcd20372cf130e662ffa5c85d3a9d30d45d71c5c647736c3dfec1d9ee9ca25b"
        },
        {
            "id": "IN-MAL-2026-006516",
            "import_time": "2026-06-15T17:22:47.127718066Z",
            "source": "amazon-inspector",
            "versions": [
                "1.0.9"
            ],
            "modified_time": "2026-06-15T16:22:26Z",
            "sha256": "50dd445d8521da8572330c103ed001bdbabc8dca459072073d24f3b50a65602a"
        },
        {
            "id": "IN-MAL-2026-006510",
            "import_time": "2026-06-15T17:22:46.75223967Z",
            "source": "amazon-inspector",
            "versions": [
                "1.0.2"
            ],
            "modified_time": "2026-06-15T16:22:21Z",
            "sha256": "51339fa6de09a8ba3910005913acdd754aac96895f7d3f49968e1663bdb95f68"
        }
    ]
}

Affected packages

npm / neural-network-scan

Package

Name
neural-network-scan
Purl
pkg:npm/neural-network-scan

Affected ranges

Affected versions

1.*
1.0.1
1.0.2
1.0.8
1.0.9

Database specific

cwes
[
    {
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature.",
        "cweId": "CWE-506"
    }
]
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/neural-network-scan/MAL-2026-5794.json"
indicators
{
    "package_integrity": [
        {
            "filename": "neural-network-scan-1.0.9.tgz",
            "hashes": {
                "sha1": "dfcaf9911fa7c8ccb4fb1a23ee04ca5ffae09d84",
                "sha512_sri": "sha512-y8twXKnINvpkrrcnTyPxxZK6ygZOvivKOGu6EoeekzORVhjHgdasIu+rSGz7k4UNQSH6pX8xSm6b4aBFXI9RHw=="
            }
        }
    ],
    "evidence_files": [
        {
            "path": "collect.js",
            "sha256": "57adc4f1f15fdf470534e2b357c51a4c6b50bd6c281237638be2ff781a429fb8",
            "tlsh": "cea21e5b14cb351ac747e70ad7670014ad88abb3b113bb41bb8c9bd41f2ad2663d09f9"
        }
    ],
    "ips": [
        "104.16.7.34",
        "10.1.0.2"
    ]
}