MAL-2025-22
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@vf-org/smapi-js-core/MAL-2025-22.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2025-22
- Published
- 2025-01-06T14:50:50Z
- Modified
- 2025-01-08T23:05:52Z
- Summary
- Malicious code in @vf-org/smapi-js-core (npm)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: ossf-package-analysis (bb778953ccadf1ddd3d3249677a4b7c27133ddd85d451ebe6cf0e04611264b86)
The OpenSSF Package Analysis project identified '@vf-org/smapi-js-core' @ 8.2.10 (npm) as malicious.
It is considered malicious because:
The package communicates with a domain associated with malicious activity.
The package executes one or more commands associated with malicious behavior.
- Database specific
{ "malicious-packages-origins": [ { "sha256": "4d12d4e4388bdfd37673aa9e4527d481312b56703325b9cc938f22cac268f25e", "source": "ossf-package-analysis", "modified_time": "2025-01-06T14:50:50Z", "import_time": "2025-01-06T15:05:37.941040121Z", "versions": [ "8.2.0" ] }, { "sha256": "c65a9bdbdc937bde66ed0fc1af5eacb32463d2b5b5ff062fb3c27be47ba9fe03", "source": "ossf-package-analysis", "modified_time": "2025-01-08T16:06:15Z", "import_time": "2025-01-08T16:06:28.521128934Z", "versions": [ "8.2.8" ] }, { "sha256": "a44e7fb0287f1237c5151a7ad602c96a4a732a7278f5177c6e8421243bfa726a", "source": "ossf-package-analysis", "modified_time": "2025-01-08T17:10:46Z", "import_time": "2025-01-08T17:34:55.668590305Z", "versions": [ "8.2.9" ] }, { "sha256": "bb778953ccadf1ddd3d3249677a4b7c27133ddd85d451ebe6cf0e04611264b86", "source": "ossf-package-analysis", "modified_time": "2025-01-08T17:15:47Z", "import_time": "2025-01-08T17:34:55.8391035Z", "versions": [ "8.2.10" ] }, { "sha256": "f92ac367260d9d488415ebd75540c852fe7fdae91818afa533b1340f7ac473cf", "source": "ossf-package-analysis", "modified_time": "2025-01-08T22:00:44Z", "import_time": "2025-01-08T22:05:22.087692782Z", "versions": [ "8.2.13" ] }, { "sha256": "688b6adf5117395c9f5d438ab7efdfe6fc8a35786f16b70d41ddd8452298d70d", "source": "ossf-package-analysis", "modified_time": "2025-01-08T22:26:02Z", "import_time": "2025-01-08T22:35:42.201873457Z", "versions": [ "8.2.18" ] }, { "sha256": "7eab984c371377d5191c91107044ee8c6d3573e3e736888627b48b4e9e0bc90a", "source": "ossf-package-analysis", "modified_time": "2025-01-08T22:05:49Z", "import_time": "2025-01-08T22:35:41.937936967Z", "versions": [ "8.2.15" ] }, { "sha256": "e08adcf62823628b349e8dd36a3e771d9bc804d5829d37a2a90d4fc97bdd8086", "source": "ossf-package-analysis", "modified_time": "2025-01-08T22:23:28Z", "import_time": "2025-01-08T22:35:42.11336383Z", "versions": [ "8.2.17" ] }, { "sha256": "e4fdda522c1ce47b32dc8df171d8ec813f07f999827664852ebd81a2add8888a", "source": "ossf-package-analysis", "modified_time": "2025-01-08T22:22:45Z", "import_time": "2025-01-08T22:35:42.02666966Z", "versions": [ "8.2.16" ] }, { "sha256": "3c13b97f402fc103044043dbabae1771d17095c19f85e89fa6844e83bba088dd", "source": "ossf-package-analysis", "modified_time": "2025-01-08T22:48:32Z", "import_time": "2025-01-08T23:05:22.49968974Z", "versions": [ "8.2.19" ] } ] }- References
-
- Credits
-
-
- OpenSSF: Package Analysis - FINDER
-
Affected packages
npm / @vf-org/smapi-js-core
Package
- Name
- @vf-org/smapi-js-core
- View open source insights on deps.dev
- Purl
- pkg:npm/%40vf-org/smapi-js-core