MAL-2025-192142

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/elf-stats-snowdusted-stocking-130/MAL-2025-192142.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-192142
Published
2025-12-03T15:59:29Z
Modified
2025-12-03T16:18:41.157947Z
Summary
Malicious code in elf-stats-snowdusted-stocking-130 (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (b35a3b0c2505733f6c54c5b9d41c151216d3ce8d057decff61aa1ed778bbad86)

The package elf-stats-snowdusted-stocking-130 was found to contain malicious code.

Database specific 
{
    "malicious-packages-origins": [
        {
            "sha256": "b35a3b0c2505733f6c54c5b9d41c151216d3ce8d057decff61aa1ed778bbad86",
            "source": "amazon-inspector",
            "modified_time": "2025-12-03T15:59:29Z",
            "versions": [
                "2.5.2",
                "2.7.2",
                "2.8.2"
            ],
            "import_time": "2025-12-03T16:09:42.081326253Z"
        }
    ]
}
References
Credits

Affected packages

npm / elf-stats-snowdusted-stocking-130

Package

Name
elf-stats-snowdusted-stocking-130
View open source insights on deps.dev
Purl
pkg:npm/elf-stats-snowdusted-stocking-130

Affected ranges

Affected versions

2.*
2.5.2
2.7.2
2.8.2

Database specific

source 
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/elf-stats-snowdusted-stocking-130/MAL-2025-192142.json"