MAL-2026-6581

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/ollama-helpers/MAL-2026-6581.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-6581
Published
2026-06-29T05:51:09Z
Modified
2026-06-29T07:16:41.929115431Z
Summary
Malicious code in ollama-helpers (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (52323ef2a3908b7db1565ae149128d053363ab2612c7bc3a938c3f2d63c285cf)

scripts/postinstall.js executes automatically on npm install and performs a bulk harvest of installer-side identity and configuration data: OS hostname and username, ~/.gitconfig user email, recent committer emails parsed from .git/logs/HEAD, SSH public-key comments from ~/.ssh/*.pub, GitHub identity from ~/.config/gh/hosts.yml, GCP project/account, AWS profile names from ~/.aws/config, DNS search domain, CWD, CI provider, and parent project package.json author/repo. The collected JSON is POSTed via https.request to the hardcoded endpoint npm-package-logger-228835561205.europe-west1.run.app, an anonymous Google Cloud Run host unrelated to the package's claimed homepage (ollama-js.dev). The package additionally impersonates the Ollama ecosystem with fabricated publisher metadata (author 'Ollama JS Dev', homepage ollama-js.dev, repo github.com/ollama-js-dev) — none of which belong to the official Ollama project at ollama.com / github.com/ollama. The declared main (dist/index.js) is not shipped in the tarball; the only executable surface is the postinstall data-collection script, confirming the package is a pure exfiltration vehicle dressed as an Ollama helpers library. The 'telemetry' framing in the script is a cover story — scope (SSH key comments, committer history, AWS profile inventory, cloud account identifiers) far exceeds anything a legitimate version/platform telemetry beacon would collect, and no consent prompt or opt-out exists.

Database specific
{
    "malicious-packages-origins": [
        {
            "versions": [
                "1.2.1"
            ],
            "ranges": [
                {
                    "type": "SEMVER",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ],
            "modified_time": "2026-06-29T05:51:09Z",
            "sha256": "3f3531b5d58d5b2f2458c55fb8d72e35c63d40238a7774ecb6975f0e8ff326e8",
            "id": "IN-MAL-2026-007756",
            "source": "amazon-inspector",
            "import_time": "2026-06-29T07:09:10.29060707Z"
        },
        {
            "versions": [
                "1.2.2"
            ],
            "source": "amazon-inspector",
            "modified_time": "2026-06-29T05:51:17Z",
            "sha256": "52323ef2a3908b7db1565ae149128d053363ab2612c7bc3a938c3f2d63c285cf",
            "id": "IN-MAL-2026-007757",
            "ranges": [
                {
                    "type": "SEMVER",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ],
            "import_time": "2026-06-29T07:09:10.461743596Z"
        }
    ]
}

Affected packages

npm / ollama-helpers

Package

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1.*
1.2.1
1.2.2

Database specific

cwes
[
    {
        "cweId": "CWE-506",
        "description": "The product contains code that appears to be malicious in nature.",
        "name": "Embedded Malicious Code"
    },
    {
        "cweId": "CWE-506",
        "description": "The product contains code that appears to be malicious in nature.",
        "name": "Embedded Malicious Code"
    }
]
indicators
{
    "package_integrity": [
        {
            "filename": "ollama-helpers-1.2.1.tgz",
            "hashes": {
                "sha512_sri": "sha512-/TGVA2rjns9vl7wBsvM3p2M5NeM9c2Jjg6tmKpFWpW8dMj6N+arZDYFVdjVWUB67EbywZBNv1Nud/hdE65PiBQ==",
                "sha1": "59e8106a399b1ddff5ba03276eeec4152fb8586f"
            }
        }
    ],
    "evidence_files": [
        {
            "path": "scripts/postinstall.js",
            "tlsh": "1772b77105e605123762f95db74b2081f766f2237a08e8a0799db2095fce91493f3afb",
            "sha256": "e344f2776cee9978d7d0a6bb6ef0af65c182ff7704cfbc4a372260756d3458b1"
        },
        {
            "path": "package.json",
            "tlsh": "08012628da749a331bc911c548660a42b6790d6b0a58bc152b96522c8f5c2af15ff3ee",
            "sha256": "85bfb5e2a2df023909e2ead7ddbbde947cb2c0cd375db7ede1a71e13ef0adcb2"
        }
    ]
}
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/ollama-helpers/MAL-2026-6581.json"