MAL-2025-5173

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/myatt/MAL-2025-5173.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-5173
Published
2025-06-17T06:10:47Z
Modified
2025-06-19T01:34:40Z
Summary
Malicious code in myatt (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (642dc644bf145b2ed3bb5126b58d897d06442693fcfb6747ea553b87ab935bc3)

The OpenSSF Package Analysis project identified 'myatt' @ 1.0.10 (npm) as malicious.

It is considered malicious because:

  • The package communicates with a domain associated with malicious activity.

  • The package executes one or more commands associated with malicious behavior.

Database specific
{
    "malicious-packages-origins": [
        {
            "versions": [
                "1.0.10"
            ],
            "sha256": "642dc644bf145b2ed3bb5126b58d897d06442693fcfb6747ea553b87ab935bc3",
            "modified_time": "2025-06-17T06:10:47Z",
            "source": "ossf-package-analysis",
            "import_time": "2025-06-19T01:34:06.991158999Z"
        },
        {
            "versions": [
                "1.0.15"
            ],
            "sha256": "aa65f292474bd69e3feaca6b6f4d952e61ea02d170dd2d01ee87bb160b655792",
            "modified_time": "2025-06-17T06:40:49Z",
            "source": "ossf-package-analysis",
            "import_time": "2025-06-19T01:34:07.561774695Z"
        },
        {
            "versions": [
                "1.0.12"
            ],
            "sha256": "e5ea967330c90c1578c0ea43dbe6927c145e8bd91aa6dc93de70e86d7a607966",
            "modified_time": "2025-06-17T06:20:54Z",
            "source": "ossf-package-analysis",
            "import_time": "2025-06-19T01:34:07.435547274Z"
        }
    ]
}
References
Credits

Affected packages

npm / myatt

Package

Affected ranges

Affected versions

1.*
1.0.10
1.0.12
1.0.15

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/myatt/MAL-2025-5173.json"