MAL-2025-192725

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/chai-pack/MAL-2025-192725.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-192725
Aliases
  • SNYK-JS-CHAIPACK-14152241
Published
2025-12-23T08:02:18Z
Modified
2026-04-01T12:40:51.671460Z
Summary
Malicious code in chai-pack (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (a153ef79c99f8b960c8e0557a16cb187571a31c3d4c2479e177ab630b36b6af6)

The package chai-pack was found to contain malicious code.

Database specific
{
    "malicious-packages-origins": [
        {
            "versions": [
                "5.1.0"
            ],
            "sha256": "19978df65270f651588b97e4f4dc4c7faa561c93925fda06cbe4d75b75a94196",
            "modified_time": "2025-12-23T08:02:18Z",
            "source": "reversing-labs",
            "id": "RLMA-2025-06089",
            "import_time": "2025-12-23T16:08:08.895396833Z"
        },
        {
            "versions": [
                "5.1.0"
            ],
            "sha256": "a153ef79c99f8b960c8e0557a16cb187571a31c3d4c2479e177ab630b36b6af6",
            "modified_time": "2025-12-24T00:41:11Z",
            "source": "amazon-inspector",
            "import_time": "2025-12-24T00:51:44.447336378Z"
        },
        {
            "versions": [
                "1.1.7"
            ],
            "sha256": "e971cc20e649cc965be323ec45888434a827875cd9aca6ea38dec784c5716c4a",
            "modified_time": "2026-03-18T12:43:08Z",
            "source": "reversing-labs",
            "id": "RLUA-2026-01178",
            "import_time": "2026-03-19T12:20:51.279787696Z"
        },
        {
            "versions": [
                "1.1.9"
            ],
            "sha256": "b5780e0f5c67426d679ef2fceb31dbd8c1093f8b1d81ec55583989355dc7a3f3",
            "modified_time": "2026-03-24T15:40:15Z",
            "source": "reversing-labs",
            "id": "RLUA-2026-01726",
            "import_time": "2026-04-01T12:26:13.814680649Z"
        }
    ]
}
References
Credits

Affected packages

npm / chai-pack

Package

Affected ranges

Affected versions

1.*
1.1.7
1.1.9
5.*
5.1.0

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/chai-pack/MAL-2025-192725.json"