MAL-2024-2983

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/sapling-output-plugin/MAL-2024-2983.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2024-2983
Aliases
  • SNYK-JS-SAPLINGOUTPUTPLUGIN-3336015
Published
2024-06-25T12:59:50Z
Modified
2025-08-29T06:43:17Z
Summary
Malicious code in sapling-output-plugin (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (a9881410b4e7132728272d0e75bae0fdd73429bc2b8a936a6e723a03d61efc7e)

The OpenSSF Package Analysis project identified 'sapling-output-plugin' @ 2.0.0 (npm) as malicious.

It is considered malicious because:

  • The package communicates with a domain associated with malicious activity.
Database specific 
{
    "malicious-packages-origins": [
        {
            "modified_time": "2024-06-25T12:59:50Z",
            "source": "reversing-labs",
            "import_time": "2024-06-28T02:44:39.899870834Z",
            "id": "RLMA-2024-01708",
            "versions": [
                "1.0.0"
            ],
            "sha256": "3dd0b163fe2c2715dd91aa347b0a61104e330b395e0ce25bea152658534789f0"
        },
        {
            "modified_time": "2024-10-16T13:17:33Z",
            "source": "reversing-labs",
            "import_time": "2024-10-24T00:58:19.132967028Z",
            "id": "RLUA-2024-07256",
            "sha256": "2c8e6a3e1ca116f98698d93301e4ac052f81732b0771f1df58bf009e933da27f"
        },
        {
            "modified_time": "2025-08-03T06:24:29Z",
            "source": "ossf-package-analysis",
            "import_time": "2025-08-03T06:43:46.333640616Z",
            "sha256": "a9881410b4e7132728272d0e75bae0fdd73429bc2b8a936a6e723a03d61efc7e",
            "versions": [
                "2.0.0"
            ]
        },
        {
            "modified_time": "2025-08-28T07:39:43Z",
            "source": "reversing-labs",
            "import_time": "2025-08-29T06:42:50.04394735Z",
            "id": "RLUA-2025-04674",
            "versions": [
                "2.0.0",
                "10.0.0",
                "3.0.1"
            ],
            "sha256": "3f1bd97f61eecb284c2c392d415de42b7aa79a0b9805b3e78179c628939fc061"
        }
    ]
}
References
Credits

Affected packages

npm / sapling-output-plugin

Package

Name
sapling-output-plugin
View open source insights on deps.dev
Purl
pkg:npm/sapling-output-plugin

Affected ranges

Affected versions

1.*

1.0.0

2.*

2.0.0

3.*

3.0.1

10.*

10.0.0