MAL-2025-48431

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/enjin-docs/MAL-2025-48431.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2025-48431

Published

2025-10-15T21:50:40Z

Modified

2025-10-16T00:25:02Z

Summary

Malicious code in enjin-docs (npm)

Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (24afa8ea540d65aaac41e9b8290ea35057d333217eca4a50410143aa9e993bd4)

The OpenSSF Package Analysis project identified 'enjin-docs' @ 15.2.0 (npm) as malicious.

It is considered malicious because:

The package communicates with a domain associated with malicious activity.
The package executes one or more commands associated with malicious behavior.

Database specific

{
    "malicious-packages-origins": [
        {
            "import_time": "2025-10-15T22:05:36.227991179Z",
            "sha256": "aa4de351aa4b33df056e33ba724412cd5826482a919ebadd8bd3452e04d990e4",
            "source": "ossf-package-analysis",
            "modified_time": "2025-10-15T21:50:40Z",
            "versions": [
                "8.0.0"
            ]
        },
        {
            "import_time": "2025-10-15T23:05:49.47180005Z",
            "sha256": "b7989808937419fdbf560893a42153b6424bb1e665f9e82f30880c8930351700",
            "source": "ossf-package-analysis",
            "modified_time": "2025-10-15T22:52:24Z",
            "versions": [
                "9.0.0"
            ]
        },
        {
            "import_time": "2025-10-15T23:34:19.872702018Z",
            "sha256": "24afa8ea540d65aaac41e9b8290ea35057d333217eca4a50410143aa9e993bd4",
            "source": "ossf-package-analysis",
            "modified_time": "2025-10-15T23:15:29Z",
            "versions": [
                "15.2.0"
            ]
        },
        {
            "import_time": "2025-10-15T23:34:19.6953968Z",
            "sha256": "3e4c45a6bea990e1499c08cb749de162bff6f5207146478391d67cb1abda6e4e",
            "source": "ossf-package-analysis",
            "modified_time": "2025-10-15T23:07:12Z",
            "versions": [
                "15.0.0"
            ]
        },
        {
            "import_time": "2025-10-15T23:34:19.783018093Z",
            "sha256": "e52e9c7d8a459cb623d505938906902bd2d9492e68ce7902f87a9bbcf7070a8a",
            "source": "ossf-package-analysis",
            "modified_time": "2025-10-15T23:12:42Z",
            "versions": [
                "15.1.0"
            ]
        },
        {
            "import_time": "2025-10-16T00:24:32.360676453Z",
            "sha256": "b90340a835c5c67709f0d4b8318121835ebf582a6e7396229c6d37f152ba9646",
            "source": "ossf-package-analysis",
            "modified_time": "2025-10-15T23:36:41Z",
            "versions": [
                "15.2.2"
            ]
        },
        {
            "import_time": "2025-10-16T00:24:32.480521421Z",
            "sha256": "e59c0db5b0d0a70e673cc82806361842e940a5a07833cbb0a1a61174578ce0b5",
            "source": "ossf-package-analysis",
            "modified_time": "2025-10-15T23:50:59Z",
            "versions": [
                "16.4.4"
            ]
        }
    ]
}

References

Credits

- Amazon Inspector - FINDER
- - actran@amazon.com
- OpenSSF: Package Analysis - FINDER
- - https://github.com/ossf/package-analysis
  - https://openssf.slack.com/channels/package_analysis

Affected packages

npm / enjin-docs

Package

Name: enjin-docs; View open source insights on deps.dev
Purl: pkg:npm/enjin-docs

Affected ranges

Affected versions

8.*

8.0.0

9.*

9.0.0

15.*

15.0.0

15.1.0

15.2.0

15.2.2

16.*

16.4.4

Database specific

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/enjin-docs/MAL-2025-48431.json"