MAL-2025-191597

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/tensor-fi-crypto-utils/MAL-2025-191597.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-191597
Published
2025-12-01T13:27:08Z
Modified
2025-12-02T21:59:25.307099Z
Summary
Malicious code in tensor-fi-crypto-utils (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (e9ed8cc30500616c36f3301bfeb5ec377ea53456fdfcbcb8fa1993346cb64958)

The package tensor-fi-crypto-utils was found to contain malicious code.

Database specific 
{
    "malicious-packages-origins": [
        {
            "versions": [
                "1.0.0"
            ],
            "modified_time": "2025-12-01T13:27:08Z",
            "sha256": "ab2f7c6973a364150020d9afb3bba24655aa9c52e49d945a00bff11e6c50bc27",
            "id": "RLMA-2025-05963",
            "source": "reversing-labs",
            "import_time": "2025-12-02T09:09:55.336612977Z"
        },
        {
            "versions": [
                "1.0.0"
            ],
            "modified_time": "2025-12-02T21:11:00Z",
            "sha256": "e9ed8cc30500616c36f3301bfeb5ec377ea53456fdfcbcb8fa1993346cb64958",
            "source": "amazon-inspector",
            "import_time": "2025-12-02T21:35:55.730767461Z"
        }
    ]
}
References
Credits

Affected packages

npm / tensor-fi-crypto-utils

Package

Name
tensor-fi-crypto-utils
View open source insights on deps.dev
Purl
pkg:npm/tensor-fi-crypto-utils

Affected ranges

Affected versions

1.*
1.0.0

Database specific

source 
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/tensor-fi-crypto-utils/MAL-2025-191597.json"