MAL-2025-192801

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/hiro-docs/MAL-2025-192801.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-192801
Published
2025-12-23T08:16:14Z
Modified
2025-12-24T01:10:47.028073Z
Summary
Malicious code in hiro-docs (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (88d9fa34d301fc54a2088114411b7016fb25c8f3b581c52f9e0613b103edda15)

The package hiro-docs was found to contain malicious code.

Database specific 
{
    "malicious-packages-origins": [
        {
            "id": "RLMA-2025-06363",
            "import_time": "2025-12-23T22:38:31.189619345Z",
            "sha256": "194711f5dd27675c678e89915744bdfc791583da456fcef70cc1511e7f40fd83",
            "modified_time": "2025-12-23T08:16:14Z",
            "source": "reversing-labs",
            "versions": [
                "1.0.0"
            ]
        },
        {
            "sha256": "88d9fa34d301fc54a2088114411b7016fb25c8f3b581c52f9e0613b103edda15",
            "import_time": "2025-12-24T00:51:41.526706824Z",
            "source": "amazon-inspector",
            "modified_time": "2025-12-24T00:41:11Z",
            "versions": [
                "1.0.0"
            ]
        }
    ]
}
References
Credits

Affected packages

npm / hiro-docs

Package

Name
hiro-docs
View open source insights on deps.dev
Purl
pkg:npm/hiro-docs

Affected ranges

Affected versions

1.*
1.0.0

Database specific

source 
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/hiro-docs/MAL-2025-192801.json"