MAL-2025-192834

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/node-calculator-7b82/MAL-2025-192834.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2025-192834

Published

2025-12-23T08:22:04Z

Modified

2026-01-02T22:05:43.531051Z

Summary

Malicious code in node-calculator-7b82 (npm)

Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (ab2f82876e6176f6336e0a72a8dfbbb4b3c1521bf9cb7cec6b5a5e29065893f2)

The package node-calculator-7b82 was found to contain malicious code.

Database specific

{
    "malicious-packages-origins": [
        {
            "sha256": "51375ab180c2d3ce470f24715b6374f70e63696643c1ec3903789fbcc44bcca9",
            "source": "reversing-labs",
            "modified_time": "2025-12-23T08:22:04Z",
            "id": "RLMA-2025-06416",
            "versions": [
                "2.4.0",
                "2.5.0",
                "2.6.0"
            ],
            "import_time": "2025-12-24T10:07:25.264152957Z"
        },
        {
            "sha256": "ab2f82876e6176f6336e0a72a8dfbbb4b3c1521bf9cb7cec6b5a5e29065893f2",
            "source": "amazon-inspector",
            "modified_time": "2026-01-02T21:29:26Z",
            "versions": [
                "2.4.0",
                "2.5.0",
                "2.6.0"
            ],
            "import_time": "2026-01-02T21:35:48.564550599Z"
        }
    ]
}

References

Credits

- Amazon Inspector - FINDER
- - actran@amazon.com
- ReversingLabs - FINDER
- - https://www.reversinglabs.com

Affected packages

npm / node-calculator-7b82

Package

Name: node-calculator-7b82; View open source insights on deps.dev
Purl: pkg:npm/node-calculator-7b82

Affected ranges

Affected versions

2.*

2.4.0

2.5.0

2.6.0

Database specific

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/node-calculator-7b82/MAL-2025-192834.json"