MAL-2025-3176
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@n37scancp/highlight.js/MAL-2025-3176.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2025-3176
- Published
- 2025-04-08T02:32:45Z
- Modified
- 2025-04-29T00:50:22Z
- Summary
- Malicious code in @n37scancp/highlight.js (npm)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: ossf-package-analysis (944af106fc0b2a334ed1ab4fb6784a0b2cc01e5f795b1de3449b8deaf6560b50)
The OpenSSF Package Analysis project identified '@n37scancp/highlight.js' @ 11.11.12 (npm) as malicious.
It is considered malicious because:
- The package executes one or more commands associated with malicious behavior.
- Database specific
{ "malicious-packages-origins": [ { "source": "ossf-package-analysis", "import_time": "2025-04-09T01:33:39.903443271Z", "modified_time": "2025-04-08T02:46:40Z", "versions": [ "11.11.2" ], "sha256": "50188d758ccf5cf50022352f4b30f7c50730da56af5d97f46dacc134483df696" }, { "source": "ossf-package-analysis", "import_time": "2025-04-09T01:33:39.798892649Z", "modified_time": "2025-04-08T02:32:45Z", "versions": [ "11.11.1" ], "sha256": "508e6bb1fe0b8750829cee985602b37f7a4c4c623a996a7f8e8bc2ee1eb3708d" }, { "source": "ossf-package-analysis", "import_time": "2025-04-09T01:33:40.009239907Z", "modified_time": "2025-04-08T03:11:49Z", "versions": [ "11.11.4" ], "sha256": "995611c6f5636bc26bdd2d40ce287a7dcf61f7d04ceef760f760f54efcabd367" }, { "source": "ossf-package-analysis", "import_time": "2025-04-29T00:49:52.67700238Z", "modified_time": "2025-04-17T15:21:38Z", "versions": [ "11.11.12" ], "sha256": "944af106fc0b2a334ed1ab4fb6784a0b2cc01e5f795b1de3449b8deaf6560b50" } ] }- References
-
- Credits
-
-
- OpenSSF: Package Analysis - FINDER
-
Affected packages
npm / @n37scancp/highlight.js
Package
- Name
- @n37scancp/highlight.js
- View open source insights on deps.dev
- Purl
- pkg:npm/%40n37scancp/highlight.js