MAL-2025-125
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/netflixdesign/MAL-2025-125.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2025-125
- Published
- 2025-01-15T22:30:33Z
- Modified
- 2025-06-18T15:07:35Z
- Summary
- Malicious code in netflixdesign (npm)
- Details
-
This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain.
-= Per source details. Do not edit below this line.=-
- Database specific
{ "malicious-packages-origins": [ { "import_time": "2025-06-18T15:06:29.301566869Z", "modified_time": "2025-06-18T10:34:54Z", "versions": [ "1.0.1" ], "id": "RLMA-2025-03339", "sha256": "01171e0b4ae67e536275cf66dfb6f9df6717c590d5d8782bc0f1e82e5f842872", "source": "reversing-labs" } ] }- References
-
- Credits
-
-
- GitHax - Software Supply Chain Threat Intelligence - FINDER
-
- ReversingLabs - FINDER
-
Affected packages
npm / netflixdesign
Package
- Name
- netflixdesign
- View open source insights on deps.dev
- Purl
- pkg:npm/netflixdesign