MAL-2025-192719

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/calculator-40ed/MAL-2025-192719.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2025-192719

Published

2025-12-23T08:01:36Z

Modified

2025-12-24T01:12:37.398919Z

Summary

Malicious code in calculator-40ed (npm)

Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (fcb6983999bd21cebf8cf17bcba24387d1246d9e8d1d54ecc1a23080f4eb1435)

The package calculator-40ed was found to contain malicious code.

Database specific

{
    "malicious-packages-origins": [
        {
            "sha256": "3e4a9b497ac0ae9a0e59850981e92de337601780c7af8c97f579b6315ff242f4",
            "source": "reversing-labs",
            "modified_time": "2025-12-23T08:01:36Z",
            "id": "RLMA-2025-06076",
            "versions": [
                "4.0.0",
                "5.0.0"
            ],
            "import_time": "2025-12-23T16:08:08.08046983Z"
        },
        {
            "sha256": "fcb6983999bd21cebf8cf17bcba24387d1246d9e8d1d54ecc1a23080f4eb1435",
            "source": "amazon-inspector",
            "modified_time": "2025-12-24T00:41:11Z",
            "versions": [
                "4.0.0",
                "5.0.0"
            ],
            "import_time": "2025-12-24T00:51:41.979483685Z"
        }
    ]
}

References

Credits

- Amazon Inspector - FINDER
- - actran@amazon.com
- ReversingLabs - FINDER
- - https://www.reversinglabs.com

Affected packages

npm / calculator-40ed

Package

Name: calculator-40ed; View open source insights on deps.dev
Purl: pkg:npm/calculator-40ed

Affected ranges

Affected versions

4.*

4.0.0

5.*

5.0.0

Database specific

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/calculator-40ed/MAL-2025-192719.json"