MAL-2025-47421

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@strong-energetic/test-banned-file/MAL-2025-47421.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-47421
Published
2025-09-17T05:58:45Z
Modified
2025-09-17T05:58:45Z
Summary
Malicious code in @strong-energetic/test-banned-file (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: google-open-source-security (beb2182dad9121d8cdfbd98f321d90cd62cda75f2c4ef68f1a5e22608808dc91)

This package was compromised by the Shai-Hulud NPM worm. The malicious payload steals tokens and credentials and publishes them to GitHub before propogating itself to NPM packages the user owns.

Database specific
{
    "malicious-packages-origins": [
        {
            "versions": [
                "1.0.1"
            ],
            "sha256": "beb2182dad9121d8cdfbd98f321d90cd62cda75f2c4ef68f1a5e22608808dc91",
            "modified_time": "2025-09-17T05:58:45Z",
            "source": "google-open-source-security",
            "import_time": "2025-09-17T05:59:33.931323Z"
        }
    ]
}
References

Affected packages

npm / @strong-energetic/test-banned-file

Package

Name
@strong-energetic/test-banned-file
View open source insights on deps.dev
Purl
pkg:npm/%40strong-energetic/test-banned-file

Affected ranges

Affected versions

1.*
1.0.1

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@strong-energetic/test-banned-file/MAL-2025-47421.json"