-= Per source details. Do not edit below this line.=-
The package shop-api-sdk was found to contain malicious code.
The OpenSSF Package Analysis project identified 'shop-api-sdk' @ 30.1.1 (npm) as malicious.
It is considered malicious because:
The package communicates with a domain associated with malicious activity.
The package executes one or more commands associated with malicious behavior.
{
"malicious-packages-origins": [
{
"versions": [
"30.1.1"
],
"sha256": "55244eb11c1f0ccb519ddea9ad901abde196c9cd9387c8a4eb3267df5fcff846",
"modified_time": "2025-12-08T19:09:22Z",
"source": "ossf-package-analysis",
"import_time": "2025-12-08T19:35:16.259623261Z"
},
{
"versions": [
"30.1.1"
],
"sha256": "a0306448f7e93f12777f1ee6bfa83d502c06b0a61ae631c612fabd3f8a5d6021",
"modified_time": "2025-12-10T21:03:50Z",
"source": "amazon-inspector",
"import_time": "2025-12-10T21:07:48.944030168Z"
},
{
"versions": [
"30.0.0"
],
"sha256": "9df88087925552afbc95cc8c1ff4512887367255636165d692095bf3bbec52c5",
"modified_time": "2025-12-11T01:47:51Z",
"source": "amazon-inspector",
"import_time": "2025-12-11T02:41:24.57305401Z"
}
]
}