MAL-2025-5538

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/k6-studio/MAL-2025-5538.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-5538
Published
2025-07-02T23:35:39Z
Modified
2025-07-04T15:37:15Z
Summary
Malicious code in k6-studio (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (3612c26d1ad76ab1a4f6df2260cb8d3b892849fcaf3b0480ef0f8a2c6a92c6d5)

The OpenSSF Package Analysis project identified 'k6-studio' @ 25.99.99 (npm) as malicious.

It is considered malicious because:

  • The package communicates with a domain associated with malicious activity.
Database specific 
{
    "malicious-packages-origins": [
        {
            "versions": [
                "25.99.99"
            ],
            "modified_time": "2025-07-02T23:35:39Z",
            "source": "ossf-package-analysis",
            "sha256": "3612c26d1ad76ab1a4f6df2260cb8d3b892849fcaf3b0480ef0f8a2c6a92c6d5",
            "import_time": "2025-07-02T23:36:37.504332911Z"
        },
        {
            "versions": [
                "90.99.99"
            ],
            "modified_time": "2025-07-04T15:10:47Z",
            "source": "ossf-package-analysis",
            "sha256": "ebc7af34abdfe3753462831dc8bef9b9efe4c56c279fb24d54748e4fb62a7ce9",
            "import_time": "2025-07-04T15:36:53.274469949Z"
        }
    ]
}
References
Credits

Affected packages

npm / k6-studio

Package

Name
k6-studio
View open source insights on deps.dev
Purl
pkg:npm/k6-studio

Affected ranges

Affected versions

25.*

25.99.99

26.*

26.99.99

90.*

90.99.99