MAL-2025-191587

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/sing-fest-es-logger/MAL-2025-191587.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-191587
Published
2025-12-01T13:25:27Z
Modified
2025-12-02T21:59:09.458642Z
Summary
Malicious code in sing-fest-es-logger (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (568dedb347f57208c9d7934b8818262beac7eba759430a41f2d3a12d23e12399)

The package sing-fest-es-logger was found to contain malicious code.

Database specific
{
    "malicious-packages-origins": [
        {
            "versions": [
                "2025.10.20"
            ],
            "sha256": "1f04668019083ae2b7511199750b37ffd9ac54e58cf77d2ebea8d37d28b06f19",
            "modified_time": "2025-12-01T13:25:27Z",
            "source": "reversing-labs",
            "id": "RLMA-2025-05949",
            "import_time": "2025-12-02T09:09:54.141746518Z"
        },
        {
            "versions": [
                "2025.10.20"
            ],
            "sha256": "568dedb347f57208c9d7934b8818262beac7eba759430a41f2d3a12d23e12399",
            "modified_time": "2025-12-02T21:11:00Z",
            "source": "amazon-inspector",
            "import_time": "2025-12-02T21:35:52.711036355Z"
        }
    ]
}
References
Credits

Affected packages

npm / sing-fest-es-logger

Package

Name
sing-fest-es-logger
View open source insights on deps.dev
Purl
pkg:npm/sing-fest-es-logger

Affected ranges

Affected versions

2025.*
2025.10.20

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/sing-fest-es-logger/MAL-2025-191587.json"