MAL-2025-3511

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/test-kaks3c/MAL-2025-3511.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2025-3511

Published

2025-04-23T16:21:12Z

Modified

2025-04-29T00:50:22Z

Summary

Malicious code in test-kaks3c (npm)

Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (591289fef82efe1b6a54e8948561a76e1e42addd4e1b62fe61364c894640b6b9)

The OpenSSF Package Analysis project identified 'test-kaks3c' @ 10.0.4 (npm) as malicious.

It is considered malicious because:

The package communicates with a domain associated with malicious activity.
The package executes one or more commands associated with malicious behavior.

Database specific

{
    "malicious-packages-origins": [
        {
            "modified_time": "2025-04-23T16:26:07Z",
            "versions": [
                "10.0.4"
            ],
            "sha256": "591289fef82efe1b6a54e8948561a76e1e42addd4e1b62fe61364c894640b6b9",
            "source": "ossf-package-analysis",
            "import_time": "2025-04-29T00:49:53.13449949Z"
        },
        {
            "modified_time": "2025-04-23T16:21:12Z",
            "versions": [
                "10.0.3"
            ],
            "sha256": "a306da603193d1a99a0db23736774f97cc21f188b2a386574dd0c88b285ae54a",
            "source": "ossf-package-analysis",
            "import_time": "2025-04-29T00:49:53.014590939Z"
        }
    ]
}

References

Credits

- OpenSSF: Package Analysis - FINDER
- - https://github.com/ossf/package-analysis
  - https://openssf.slack.com/channels/package_analysis

Affected packages

npm / test-kaks3c

Package

Name: test-kaks3c; View open source insights on deps.dev
Purl: pkg:npm/test-kaks3c

Affected ranges

Affected versions

10.*

10.0.3

10.0.4

Database specific

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/test-kaks3c/MAL-2025-3511.json"