MAL-2024-60

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@neogov/linkanx/MAL-2024-60.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2024-60
Published
2024-01-10T18:43:33Z
Modified
2024-01-10T18:43:33Z
Summary
Malicious code in @neogov/linkanx (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (133eddd55383f57d0ee29c0a3eb7343b9118e95d6c54ab71bb75aa457dd5d2d0)

The OpenSSF Package Analysis project identified '@neogov/linkanx' @ 1.0.0 (npm) as malicious.

It is considered malicious because:

  • The package executes one or more commands associated with malicious behavior.
Database specific 
{
    "malicious-packages-origins": [
        {
            "versions": [
                "1.0.0"
            ],
            "modified_time": "2024-01-10T18:43:33Z",
            "sha256": "133eddd55383f57d0ee29c0a3eb7343b9118e95d6c54ab71bb75aa457dd5d2d0",
            "source": "ossf-package-analysis",
            "import_time": "2024-01-11T03:33:48.513167924Z"
        }
    ]
}
References
Credits

Affected packages

npm / @neogov/linkanx

Package

Name
@neogov/linkanx
View open source insights on deps.dev
Purl
pkg:npm/%40neogov/linkanx

Affected ranges

Affected versions

1.*
1.0.0

Database specific

source 
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@neogov/linkanx/MAL-2024-60.json"