MAL-2025-192884

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/vite-react-setting/MAL-2025-192884.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-192884
Published
2025-12-23T08:35:16Z
Modified
2026-01-02T22:04:45.199667Z
Summary
Malicious code in vite-react-setting (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (a8a246e42e62b3ccd2cac32fc43c833154af9a78ee11e47c84bad10cf7895b25)

The package vite-react-setting was found to contain malicious code.

Database specific 
{
    "malicious-packages-origins": [
        {
            "source": "reversing-labs",
            "id": "RLMA-2025-06533",
            "modified_time": "2025-12-23T08:35:16Z",
            "sha256": "1879e4c79926383029679ed7c4b8f09139097632267513ac842b1b1f3ebe0cf7",
            "versions": [
                "0.7.6"
            ],
            "import_time": "2025-12-24T10:07:29.48966685Z"
        },
        {
            "source": "amazon-inspector",
            "modified_time": "2026-01-02T21:29:26Z",
            "sha256": "a8a246e42e62b3ccd2cac32fc43c833154af9a78ee11e47c84bad10cf7895b25",
            "versions": [
                "0.7.6"
            ],
            "import_time": "2026-01-02T21:35:51.233155895Z"
        }
    ]
}
References
Credits

Affected packages

npm / vite-react-setting

Package

Name
vite-react-setting
View open source insights on deps.dev
Purl
pkg:npm/vite-react-setting

Affected ranges

Affected versions

0.*
0.7.6

Database specific

source 
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/vite-react-setting/MAL-2025-192884.json"