The package communicates with a domain associated with malicious activity.
-= Per source details. Do not edit below this line.=-
The OpenSSF Package Analysis project identified 'sdp-transform-parser' @ 99.99.100 (npm) as malicious.
It is considered malicious because:
The package communicates with a domain associated with malicious activity.
The package executes one or more commands associated with malicious behavior.
{
"malicious-packages-origins": [
{
"sha256": "d6f0bf5deb53b6f1424914462ad86d16738a1118a744d709e3e37abaf8907134",
"source": "ossf-package-analysis",
"import_time": "2025-08-22T02:34:57.297714407Z",
"modified_time": "2025-08-22T01:55:52Z",
"versions": [
"99.99.100"
]
},
{
"sha256": "438899bb3957f0a67048b52b32607a1e4e8a954434c0e5482b4a30e336e09641",
"source": "ossf-package-analysis",
"import_time": "2025-08-23T05:35:59.404069188Z",
"modified_time": "2025-08-23T05:35:43Z",
"versions": [
"9999.0.2"
]
},
{
"sha256": "ac6c9f7bd8d683d0ac227cc4cc38fce0cfb726fb6f69577f49e26ba282dfbbb1",
"source": "ossf-package-analysis",
"import_time": "2025-08-23T05:35:59.152643163Z",
"modified_time": "2025-08-23T05:10:45Z",
"versions": [
"9999.0.0"
]
},
{
"sha256": "bdbadf924620c79652d50ccedd3ddbc5f1a6dbe501c03f5dc79697404147ba08",
"source": "ossf-package-analysis",
"import_time": "2025-08-23T05:35:59.280936963Z",
"modified_time": "2025-08-23T05:30:38Z",
"versions": [
"9999.0.1"
]
},
{
"sha256": "661e3decfcbcead3d43fa8a310a39e36907cd561dcbab79724141d6369ead777",
"id": "RLMA-2025-05148",
"source": "reversing-labs",
"import_time": "2025-09-26T11:06:03.471102247Z",
"modified_time": "2025-09-26T09:43:19Z",
"versions": [
"99.99.99",
"99.99.100",
"9999.0.0",
"9999.0.1",
"9999.0.2"
]
}
]
}