MAL-2026-5853

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/sp-api-dev-assistant-mcp-server/MAL-2026-5853.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-5853
Aliases
  • GHSA-hgm9-w4fm-65m9
Published
2026-06-16T00:05:25Z
Modified
2026-07-08T17:16:52.670657286Z
Summary
Malicious code in sp-api-dev-assistant-mcp-server (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (18b5b59005300a7a8612a3bf36d3707df573ac722e94e52a3854844345d63745)

Package contains only package.json and README.md, with the README explicitly stating it is a proof-of-concept squatting an unclaimed npm name that was referenced as a dependency in an Amazon-internal repository. The version is set to 99.9.0 to win semver resolution against any internal release. The current tarball ships no scripts, no main, and no source files, so installing this version performs no code execution and exfiltrates no data — the harm is limited to the name being held by a non-Amazon party who could publish payload-bearing future versions. Installers whose package manager resolves the public npm registry for this name would receive whatever the squatter publishes next.

Source: ghsa-malware (41506fcb0f329d1b260c8aea68fe27eb7b648576521da211f366dc49459bc388)

Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Database specific
{
    "malicious-packages-origins": [
        {
            "sha256": "41506fcb0f329d1b260c8aea68fe27eb7b648576521da211f366dc49459bc388",
            "id": "GHSA-hgm9-w4fm-65m9",
            "import_time": "2026-06-16T01:31:34.718743242Z",
            "modified_time": "2026-06-16T00:05:31Z",
            "ranges": [
                {
                    "type": "SEMVER",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ],
            "source": "ghsa-malware"
        },
        {
            "versions": [
                "99.9.0"
            ],
            "id": "IN-MAL-2026-008092",
            "import_time": "2026-07-08T17:01:29.776821346Z",
            "sha256": "18b5b59005300a7a8612a3bf36d3707df573ac722e94e52a3854844345d63745",
            "modified_time": "2026-07-08T16:23:39Z",
            "source": "amazon-inspector"
        }
    ]
}
References
Credits

Affected packages

npm / sp-api-dev-assistant-mcp-server

Package

Name
sp-api-dev-assistant-mcp-server
View open source insights on deps.dev
Purl
pkg:npm/sp-api-dev-assistant-mcp-server

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

99.*
99.9.0

Database specific

indicators
{
    "evidence_files": [
        {
            "sha256": "4867078b9ed5edfd141ffcd0dac74cced7f1fca6e9ed5d194f941f94d837eec2",
            "tlsh": "93f0e1555140eb331b6602572056a3f35b27d0981a3f10e0b19e038e581f4c8d3636bd",
            "path": "README.md"
        }
    ]
}
cwes
[
    {
        "name": "Embedded Malicious Code",
        "cweId": "CWE-506",
        "description": "The product contains code that appears to be malicious in nature."
    },
    {
        "cweId": "CWE-506",
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature."
    }
]
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/sp-api-dev-assistant-mcp-server/MAL-2026-5853.json"