MAL-2025-139

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/snapon-imageviewer-lw/MAL-2025-139.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-139
Published
2025-01-19T19:16:15Z
Modified
2025-01-19T19:16:15Z
Summary
Malicious code in snapon-imageviewer-lw (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (dac8ff3dcbee53083536b2203656b42fead39936c6e36b53ae6c6d23c45d5430)

The OpenSSF Package Analysis project identified 'snapon-imageviewer-lw' @ 17.0.0-LW-R (npm) as malicious.

It is considered malicious because:

  • The package communicates with a domain associated with malicious activity.
Database specific 
{
    "malicious-packages-origins": [
        {
            "modified_time": "2025-01-19T19:16:15Z",
            "import_time": "2025-01-19T19:34:15.601988643Z",
            "versions": [
                "17.0.0-LW-R"
            ],
            "source": "ossf-package-analysis",
            "sha256": "dac8ff3dcbee53083536b2203656b42fead39936c6e36b53ae6c6d23c45d5430"
        }
    ]
}
References
Credits

Affected packages

npm / snapon-imageviewer-lw

Package

Name
snapon-imageviewer-lw
View open source insights on deps.dev
Purl
pkg:npm/snapon-imageviewer-lw

Affected ranges

Affected versions

17.*

17.0.0-LW-R