MAL-2025-192286

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/elf-stats-tinsel-sparkler-289/MAL-2025-192286.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-192286
Published
2025-12-03T19:38:32Z
Modified
2025-12-24T00:24:24.638205Z
Summary
Malicious code in elf-stats-tinsel-sparkler-289 (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (b7b6b73c1a42f93c6d3a57c4b824e8bad5556ea6947672564bbb4cd6fc6c87d2)

The package elf-stats-tinsel-sparkler-289 was found to contain malicious code.

Source: ossf-package-analysis (c63042efca4c769fab4af2c6acabbe6a9b7808cb9c125d056dce01b1717024e1)

The OpenSSF Package Analysis project identified 'elf-stats-tinsel-sparkler-289' @ 1.0.0 (npm) as malicious.

It is considered malicious because:

  • The package communicates with a domain associated with malicious activity.

Database specific
{
    "malicious-packages-origins": [
        {
            "versions": [
                "1.0.0"
            ],
            "import_time": "2025-12-03T20:08:02.734262355Z",
            "modified_time": "2025-12-03T19:38:32Z",
            "sha256": "c63042efca4c769fab4af2c6acabbe6a9b7808cb9c125d056dce01b1717024e1",
            "source": "ossf-package-analysis"
        },
        {
            "versions": [
                "1.0.0"
            ],
            "import_time": "2025-12-05T20:39:35.958691998Z",
            "modified_time": "2025-12-05T20:38:15Z",
            "sha256": "b7b6b73c1a42f93c6d3a57c4b824e8bad5556ea6947672564bbb4cd6fc6c87d2",
            "source": "amazon-inspector"
        },
        {
            "versions": [
                "1.0.0"
            ],
            "id": "RLMA-2025-06323",
            "modified_time": "2025-12-23T08:11:19Z",
            "import_time": "2025-12-23T22:07:18.818463178Z",
            "sha256": "dab74a67a0f0b662ea6b392e25a4f10e85fb086427a5bccb25facefabccfb9b5",
            "source": "reversing-labs"
        }
    ]
}

Affected packages

npm / elf-stats-tinsel-sparkler-289

Package

Name
elf-stats-tinsel-sparkler-289
Purl
pkg:npm/elf-stats-tinsel-sparkler-289

Affected ranges

Affected versions

1.*
1.0.0

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/elf-stats-tinsel-sparkler-289/MAL-2025-192286.json"