-= Per source details. Do not edit below this line.=-
The OpenSSF Package Analysis project identified 'www-cfg' @ 1.0.2 (npm) as malicious.
It is considered malicious because:
The package communicates with a domain associated with malicious activity.
The package executes one or more commands associated with malicious behavior.
{
"malicious-packages-origins": [
{
"sha256": "8e83ae0e09d965d0daf4532cb29c1b79698d342dc5afb338632d224d1f2706cc",
"versions": [
"1.0.2"
],
"import_time": "2025-06-06T04:10:57.82334393Z",
"modified_time": "2025-06-06T03:55:46Z",
"source": "ossf-package-analysis"
},
{
"sha256": "39c5698ac2696841d58213ea59921d641901f6c624b8aa1b343a19fcc412d429",
"id": "RLMA-2025-03504",
"import_time": "2025-06-18T15:06:41.907149761Z",
"modified_time": "2025-06-18T10:45:36Z",
"versions": [
"1.0.1",
"1.0.2"
],
"source": "reversing-labs"
}
]
}