{"id":"MAL-2026-3362","summary":"Malicious code in 24712-pl5006 (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (d2546cdc76edb1f8a93dcf66c855ca6246bb0d4ed76c72a7fd3c1aec44f34761)\nThe package 24712-pl5006 was found to contain malicious code.\n\n## Source: ossf-package-analysis (115fd80ded696b407b50be96be06645124c2e3c5ca360f283388fcd4bcf3b2de)\nThe OpenSSF Package Analysis project identified '24712-pl5006' @ 0.0.4 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n","modified":"2026-05-12T07:46:51.006291936Z","published":"2026-05-07T00:05:57Z","database_specific":{"malicious-packages-origins":[{"versions":["0.0.4"],"import_time":"2026-05-07T00:48:46.033737416Z","sha256":"115fd80ded696b407b50be96be06645124c2e3c5ca360f283388fcd4bcf3b2de","source":"ossf-package-analysis","modified_time":"2026-05-07T00:10:49Z"},{"sha256":"5c998277f8ad56f2757fe4a9a41de3e65f6c04442079c74b14497f1712a6f00b","versions":["0.0.2"],"import_time":"2026-05-07T00:48:45.908477679Z","source":"ossf-package-analysis","modified_time":"2026-05-07T00:05:57Z"},{"versions":["0.0.4","0.0.2"],"import_time":"2026-05-12T07:28:57.347346174Z","sha256":"d2546cdc76edb1f8a93dcf66c855ca6246bb0d4ed76c72a7fd3c1aec44f34761","source":"amazon-inspector","modified_time":"2026-05-12T06:53:21Z"}]},"affected":[{"package":{"name":"24712-pl5006","ecosystem":"npm","purl":"pkg:npm/24712-pl5006"},"versions":["0.0.4","0.0.2"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/24712-pl5006/MAL-2026-3362.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}