MAL-2025-5537

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@frontend-clients/design-system/MAL-2025-5537.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-5537
Published
2025-07-02T22:05:07Z
Modified
2025-07-02T22:38:27Z
Summary
Malicious code in @frontend-clients/design-system (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (7fe458099d7b7c0662a9f2283b87071d2afc98b120e402fc20ce916a5b5962ff)

The OpenSSF Package Analysis project identified '@frontend-clients/design-system' @ 10.0.0 (npm) as malicious.

It is considered malicious because:

  • The package communicates with a domain associated with malicious activity.

  • The package executes one or more commands associated with malicious behavior.

Database specific 
{
    "malicious-packages-origins": [
        {
            "sha256": "7fe458099d7b7c0662a9f2283b87071d2afc98b120e402fc20ce916a5b5962ff",
            "import_time": "2025-07-02T22:06:05.492291691Z",
            "source": "ossf-package-analysis",
            "modified_time": "2025-07-02T22:05:07Z",
            "versions": [
                "10.0.0"
            ]
        },
        {
            "sha256": "ef8d47b7c84cd0d9df2f20b4a753c661d34b684ebb23810d60b031a39911c1d9",
            "import_time": "2025-07-02T22:38:06.932988779Z",
            "source": "ossf-package-analysis",
            "modified_time": "2025-07-02T22:22:31Z",
            "versions": [
                "11.0.0"
            ]
        }
    ]
}
References
Credits

Affected packages

npm / @frontend-clients/design-system

Package

Name
@frontend-clients/design-system
View open source insights on deps.dev
Purl
pkg:npm/%40frontend-clients/design-system

Affected ranges

Affected versions

10.*
10.0.0
11.*
11.0.0

Database specific

source 
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@frontend-clients/design-system/MAL-2025-5537.json"