MAL-2025-191447

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/vf-oss-template/MAL-2025-191447.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-191447
Published
2025-11-25T00:16:49Z
Modified
2025-12-24T10:31:07.104822Z
Summary
Malicious code in vf-oss-template (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (d103d87bdd4b4e74f7f65f5726dc9eac4871a42a7298a619c317e9931c42aa84)

The package vf-oss-template was found to contain malicious code.

Source: google-open-source-security (5aab1429675f85376bd921f9f6c79d7878c53d4c59002a0269af1003fd1b6044)

This package was compromised by the Sha1-Hulud: The Second Coming NPM worm. The malicious payload steals tokens and credentials and publishes them to GitHub. The worm will propogate itself to NPM packages the user owns and establish persistence is a GitHub action. The package may also destroy the user's home directory.

Database specific
{
    "malicious-packages-origins": [
        {
            "versions": [
                "1.0.1",
                "1.0.2",
                "1.0.3",
                "1.0.4"
            ],
            "sha256": "5aab1429675f85376bd921f9f6c79d7878c53d4c59002a0269af1003fd1b6044",
            "modified_time": "2025-11-25T00:16:49Z",
            "source": "google-open-source-security",
            "import_time": "2025-11-25T00:17:36.845947Z"
        },
        {
            "versions": [
                "1.0.1",
                "1.0.2",
                "1.0.3",
                "1.0.4"
            ],
            "sha256": "d103d87bdd4b4e74f7f65f5726dc9eac4871a42a7298a619c317e9931c42aa84",
            "modified_time": "2025-12-01T04:11:22Z",
            "source": "amazon-inspector",
            "import_time": "2025-12-01T04:26:45.466211742Z"
        },
        {
            "versions": [
                "1.0.1",
                "1.0.2",
                "1.0.3",
                "1.0.4"
            ],
            "sha256": "3e750fa2c56f959c3fe36251cc187767b9d8ea408ff1842f94bece1be4a5bee4",
            "modified_time": "2025-12-23T08:35:00Z",
            "source": "reversing-labs",
            "id": "RLMA-2025-06524",
            "import_time": "2025-12-24T10:07:29.390172489Z"
        }
    ]
}
References
Credits

Affected packages

npm / vf-oss-template

Package

Affected ranges

Affected versions

1.*
1.0.1
1.0.2
1.0.3
1.0.4

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/vf-oss-template/MAL-2025-191447.json"