{"id":"MAL-2024-11233","summary":"Malicious code in yelp-logging (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (7ff40f995641f74640b48eeefb3717de25988026d50ca8f472fe4b69d7a91ca7)\nThe OpenSSF Package Analysis project identified 'yelp-logging' @ 1.0.39 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n","modified":"2024-12-07T19:05:35Z","published":"2024-12-07T18:34:41Z","database_specific":{"malicious-packages-origins":[{"modified_time":"2024-12-07T18:34:41Z","versions":["1.0.39"],"sha256":"7ff40f995641f74640b48eeefb3717de25988026d50ca8f472fe4b69d7a91ca7","source":"ossf-package-analysis","import_time":"2024-12-07T18:38:34.462992071Z"},{"modified_time":"2024-12-07T18:51:07Z","versions":["1.0.40"],"sha256":"c8b7cd1f30395e73078c628a01ef8b4026e67b1288487d3b9e37c695cf13aac3","source":"ossf-package-analysis","import_time":"2024-12-07T19:05:04.506417937Z"}]},"affected":[{"package":{"name":"yelp-logging","ecosystem":"npm","purl":"pkg:npm/yelp-logging"},"versions":["1.0.39","1.0.40"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/yelp-logging/MAL-2024-11233.json"}}],"schema_version":"1.7.3","credits":[{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}