{"id":"MAL-2024-9088","summary":"Malicious code in @test3.svt/first-npm-package-test-2 (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (c5d0ddb406420abe4a1e74b157a237b13abf8b3b0753309cc30b2d10ceb7de42)\nThe OpenSSF Package Analysis project identified '@test3.svt/first-npm-package-test-2' @ 1.0.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2024-10-08T07:34:44Z","published":"2024-10-04T07:17:51Z","database_specific":{"malicious-packages-origins":[{"versions":["1.0.0"],"import_time":"2024-10-04T07:34:21.919702246Z","source":"ossf-package-analysis","modified_time":"2024-10-04T07:17:51Z","sha256":"c5d0ddb406420abe4a1e74b157a237b13abf8b3b0753309cc30b2d10ceb7de42"},{"versions":["1.0.3"],"import_time":"2024-10-04T08:06:46.043334453Z","source":"ossf-package-analysis","modified_time":"2024-10-04T07:40:48Z","sha256":"cdca872041c524cbdc06d12fc5d24fc8a69e7b6e72b8f93d1ce418783c34d3d0"},{"versions":["1.0.7"],"import_time":"2024-10-04T08:37:36.517327925Z","source":"ossf-package-analysis","modified_time":"2024-10-04T08:26:20Z","sha256":"804bf93978a361d6c351b4ed0af35d887bf08dfcfa6f994e04bc9e16552e2989"},{"versions":["1.1.0"],"import_time":"2024-10-04T10:05:39.198066028Z","source":"ossf-package-analysis","modified_time":"2024-10-04T09:55:38Z","sha256":"70f023040c36a68cdd675600adef4d7149c99af318a98c01a27db8fc9cfe933f"},{"versions":["1.1.1"],"import_time":"2024-10-04T10:37:47.949676784Z","source":"ossf-package-analysis","modified_time":"2024-10-04T10:06:49Z","sha256":"403c3f8efadc5c679fc159e498d172b96f00c0d81359a26cce994e477f56668a"},{"versions":["1.1.4"],"import_time":"2024-10-04T12:08:10.884970356Z","source":"ossf-package-analysis","modified_time":"2024-10-04T12:05:53Z","sha256":"9d056795b31aa303fcf24c0767e5651f7acd48dcfbacd49809eb5d87d464db01"},{"versions":["1.1.7"],"import_time":"2024-10-04T12:45:58.951924089Z","source":"ossf-package-analysis","modified_time":"2024-10-04T12:10:54Z","sha256":"8ec91a84795f3a48a34d43b42dc47a911f7dda3a89a4e9f9855f3f8b2a6bcd13"},{"versions":["1.2.3"],"import_time":"2024-10-07T08:07:13.866308339Z","source":"ossf-package-analysis","modified_time":"2024-10-07T07:45:54Z","sha256":"03d3de6b6c31932c98e9bc82b47b8f2219fa54e301f35cfcabd2a7fdb96cbec6"},{"versions":["1.2.1"],"import_time":"2024-10-07T08:07:13.729272005Z","source":"ossf-package-analysis","modified_time":"2024-10-07T07:45:48Z","sha256":"d5b57966cf922eb12776d69c8cacd2721cd6ed4f1cea30c97307a3e78898f656"},{"versions":["1.2.6"],"import_time":"2024-10-08T07:05:35.315044947Z","source":"ossf-package-analysis","modified_time":"2024-10-08T07:00:38Z","sha256":"ac3245be55da129f3efd53f9a7f6b563de5545039abde08a6e6ed0246e2abd24"},{"versions":["1.2.5"],"import_time":"2024-10-08T07:05:35.166508696Z","source":"ossf-package-analysis","modified_time":"2024-10-08T06:59:03Z","sha256":"b8894b6f0747b7700211aa0d62406f402f29a9b868647677bda90865d8395260"},{"versions":["1.3.3"],"import_time":"2024-10-08T07:34:17.7192587Z","source":"ossf-package-analysis","modified_time":"2024-10-08T07:30:44Z","sha256":"0d6527e273dea75eb65c006896c6440bdfd9dc629117b19a447421c829528c1a"},{"versions":["1.3.0"],"import_time":"2024-10-08T07:34:17.54415248Z","source":"ossf-package-analysis","modified_time":"2024-10-08T07:10:55Z","sha256":"8244ce1a8c1656999d0c39d38714fce4e6fa8b9d5430961ca4cdd9544f5369b5"}]},"affected":[{"package":{"name":"@test3.svt/first-npm-package-test-2","ecosystem":"npm","purl":"pkg:npm/%40test3.svt/first-npm-package-test-2"},"versions":["1.0.0","1.0.3","1.0.7","1.1.0","1.1.1","1.1.4","1.1.7","1.2.3","1.2.1","1.2.6","1.2.5","1.3.3","1.3.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@test3.svt/first-npm-package-test-2/MAL-2024-9088.json"}}],"schema_version":"1.7.3","credits":[{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}