{"id":"MAL-2024-11890","summary":"Malicious code in @saferpay/logging (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (00760b75ef6449f1f4125794bd96880aae15b6a332fb2103a23c849e0d0d01f2)\nThe OpenSSF Package Analysis project identified '@saferpay/logging' @ 5.9.1 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2024-12-17T02:32:38Z","published":"2024-12-16T23:10:46Z","database_specific":{"malicious-packages-origins":[{"source":"ossf-package-analysis","import_time":"2024-12-17T02:32:14.234173887Z","sha256":"00760b75ef6449f1f4125794bd96880aae15b6a332fb2103a23c849e0d0d01f2","modified_time":"2024-12-16T23:10:46Z","versions":["5.9.1"]},{"source":"ossf-package-analysis","import_time":"2024-12-17T02:32:14.40197348Z","sha256":"fdb20e3098a7a20af2904bf13326335d9cb21597bf09f509fe9cf4a8fe757f74","modified_time":"2024-12-16T23:35:58Z","versions":["5.9.2"]}]},"affected":[{"package":{"name":"@saferpay/logging","ecosystem":"npm","purl":"pkg:npm/%40saferpay/logging"},"versions":["5.9.1","5.9.2"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@saferpay/logging/MAL-2024-11890.json"}}],"schema_version":"1.7.3","credits":[{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}