MAL-2025-4972
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@glofe/company/MAL-2025-4972.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2025-4972
- Published
- 2025-06-15T16:40:46Z
- Modified
- 2025-06-18T01:11:33Z
- Summary
- Malicious code in @glofe/company (npm)
- Details
-
The package communicates with a domain associated with malicious activity.
-= Per source details. Do not edit below this line.=-
Source: ossf-package-analysis (1c5480bb5f834f28a3384d3dffa6cc27aa4b9b774a690fb81004ca419c69e0db)
The OpenSSF Package Analysis project identified '@glofe/company' @ 9999.0.1 (npm) as malicious.
It is considered malicious because:
- The package communicates with a domain associated with malicious activity.
- Database specific
{ "malicious-packages-origins": [ { "source": "ossf-package-analysis", "import_time": "2025-06-15T17:04:44.371395429Z", "sha256": "1c5480bb5f834f28a3384d3dffa6cc27aa4b9b774a690fb81004ca419c69e0db", "versions": [ "9999.0.1" ], "modified_time": "2025-06-15T16:55:11Z" }, { "source": "ossf-package-analysis", "import_time": "2025-06-15T17:04:43.968824982Z", "sha256": "5329252005d6ee0c5b30088038d5f262a5605b7ed2fe897499526dbc7b2beef4", "versions": [ "9999.0.0" ], "modified_time": "2025-06-15T16:40:46Z" }, { "source": "ossf-package-analysis", "import_time": "2025-06-15T18:06:39.812070193Z", "sha256": "43e580de4eda680c86be038d49287a8914dd803e45f45d02f12dfc4d679c6259", "versions": [ "9999.0.2" ], "modified_time": "2025-06-15T17:50:47Z" }, { "source": "ossf-package-analysis", "import_time": "2025-06-15T21:04:47.405849089Z", "sha256": "fbd841de509dd452de03efffae2642d3f768edf10cb25f65bc05f94dc25d1521", "versions": [ "9999.0.4" ], "modified_time": "2025-06-15T20:37:28Z" } ] }- References
-
- Credits
-
-
- Amazon Inspector - FINDER
-
- OpenSSF: Package Analysis - FINDER
-
Affected packages
npm / @glofe/company
Package
- Name
- @glofe/company
- View open source insights on deps.dev
- Purl
- pkg:npm/%40glofe/company