MAL-2026-5794
Malicious code in neural-network-scan (npm)
Details
## Source: amazon-inspector (898c75e5a6ae94d115820736ffd2ca4cb948f72655d5c0175a3432cec835768c)

The package ships a collect.js script that imports child_process and performs an HTTP POST carrying host identifiers (hostname referenced multiple times in the same file alongside the POST sink). This pattern — child_process + hostname collection + outbound POST in a non-functional 'scan' utility — matches the host-reconnaissance / data-exfiltration shape used by dependency-confusion and recon-beacon packages. The package name and minimal surface are consistent with a recon lure rather than a useful library. Installing or requiring this package causes installer host data to be sent to an external endpoint.
Affected packages
No fixed version published yet for neural-network-scan (npm). Pin to a known-safe version or switch to an alternative.