MAL-2024-11814

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@tradm/my_package_legit/MAL-2024-11814.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2024-11814
Published
2024-12-06T16:05:45Z
Modified
2024-12-16T03:21:27Z
Summary
Malicious code in @tradm/my_package_legit (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (29cce75017efa5cb89df0d22884f39b9d70b835108800ea9b64b10f295f11eb7)

The OpenSSF Package Analysis project identified '@tradm/my_package_legit' @ 1.9.24 (npm) as malicious.

It is considered malicious because:

  • The package executes one or more commands associated with malicious behavior.

Affected packages

npm / @tradm/my_package_legit

Package

Name
@tradm/my_package_legit
Purl
pkg:npm/%40tradm/my_package_legit

Affected ranges

Affected versions

1.*
1.9.0
1.9.1
1.9.3
1.9.4
1.9.7
1.9.8
1.9.18
1.9.20
1.9.21
1.9.24
1.9.25
1.9.27

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@tradm/my_package_legit/MAL-2024-11814.json"