-= Per source details. Do not edit below this line.=-
The OpenSSF Package Analysis project identified 'pmd-github-action' @ 7.2.9 (npm) as malicious.
It is considered malicious because:
The package communicates with a domain associated with malicious activity.
The package executes one or more commands associated with malicious behavior.
{ "malicious-packages-origins": [ { "sha256": "25570da8772dbadd784a50cef765f49e039bdd693711fa519447931729c5ec72", "import_time": "2023-09-18T17:34:23.022536945Z", "versions": [ "7.2.9" ], "source": "ossf-package-analysis", "modified_time": "2023-09-18T17:18:10Z" }, { "sha256": "a1f0ddffd09c742a9fb1800552d1d62c789596cc1be17ddcece869a2e3dafefc", "import_time": "2023-09-18T17:34:22.958039742Z", "versions": [ "7.9.9" ], "source": "ossf-package-analysis", "modified_time": "2023-09-18T17:10:45Z" }, { "sha256": "40cfc6449425b40cb1843150153cd37cfb95b7369f18b98ba4f71bb6c19a4f17", "import_time": "2023-09-19T04:34:40.893009725Z", "versions": [ "9.9.9" ], "source": "ossf-package-analysis", "modified_time": "2023-09-18T16:50:37Z" }, { "sha256": "848b98ef9e3b341f70eb8accf2bd526095d488e08fb67886aa5aa29504d5da6f", "import_time": "2023-09-19T04:34:40.784565762Z", "versions": [ "2.1.1" ], "source": "ossf-package-analysis", "modified_time": "2023-09-18T16:36:57Z" } ] }