-= Per source details. Do not edit below this line.=-
The package kkkaremn was found to contain malicious code.
The OpenSSF Package Analysis project identified 'kkkaremn' @ 11.0.0 (npm) as malicious.
It is considered malicious because:
The package communicates with a domain associated with malicious activity.
The package executes one or more commands associated with malicious behavior.
{
"malicious-packages-origins": [
{
"versions": [
"11.0.0"
],
"sha256": "38d12856c4db0126dfe51c098b1f21420abc032d85ddf07e3df4a6e4cb997b17",
"modified_time": "2025-12-03T01:13:34Z",
"source": "ossf-package-analysis",
"import_time": "2025-12-03T01:35:07.729291383Z"
},
{
"versions": [
"6.0.0"
],
"sha256": "f3c03667184e3d719c08f1d45248aca18a92737f79234f902b8951883607e188",
"modified_time": "2025-12-03T01:00:21Z",
"source": "ossf-package-analysis",
"import_time": "2025-12-03T01:35:07.606186778Z"
},
{
"versions": [
"9.0.0"
],
"sha256": "fb4aa0f8e8d709298eaf5820d8394091385138e9d2b2aec163c56343baba0a8e",
"modified_time": "2025-12-03T00:55:45Z",
"source": "ossf-package-analysis",
"import_time": "2025-12-03T01:35:07.517934072Z"
},
{
"versions": [
"11.0.0",
"6.0.0",
"9.0.0"
],
"sha256": "8be05818c3e6f94f41c611af1a16f1a88489f457de3d8b98cc9c4441eee9e557",
"modified_time": "2025-12-03T17:22:10Z",
"source": "amazon-inspector",
"import_time": "2025-12-03T17:40:20.445280596Z"
},
{
"versions": [
"9.0.0"
],
"sha256": "7cdd385021396db7dcc36db2e4fa8aabab09ebefbde60f07e11cb34ef0fcf2cf",
"modified_time": "2025-12-23T08:18:44Z",
"source": "reversing-labs",
"id": "RLMA-2025-06392",
"import_time": "2025-12-24T10:07:24.462612396Z"
}
]
}