MAL-2025-192817

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/jz-native-js-bridge/MAL-2025-192817.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-192817
Published
2025-12-23T08:18:18Z
Modified
2026-01-02T22:05:29.986107Z
Summary
Malicious code in jz-native-js-bridge (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (8f5be9f16b75f7bf0ca5477443252a99142fcc146e923a7f77862df124ad6ac5)

The package jz-native-js-bridge was found to contain malicious code.

Database specific
{
    "malicious-packages-origins": [
        {
            "versions": [
                "114.5.14"
            ],
            "id": "RLMA-2025-06383",
            "modified_time": "2025-12-23T08:18:18Z",
            "import_time": "2025-12-24T10:07:24.162688713Z",
            "sha256": "ee57d8bcf4e4e447f0b30d39a1fcc672e0e62f94a16fdadc59d1bcc0c37b1e15",
            "source": "reversing-labs"
        },
        {
            "versions": [
                "114.5.14"
            ],
            "import_time": "2026-01-02T21:35:50.345962986Z",
            "modified_time": "2026-01-02T21:29:26Z",
            "sha256": "8f5be9f16b75f7bf0ca5477443252a99142fcc146e923a7f77862df124ad6ac5",
            "source": "amazon-inspector"
        }
    ]
}
References
Credits

Affected packages

npm / jz-native-js-bridge

Package

Name
jz-native-js-bridge
View open source insights on deps.dev
Purl
pkg:npm/jz-native-js-bridge

Affected ranges

Affected versions

114.*
114.5.14

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/jz-native-js-bridge/MAL-2025-192817.json"