MAL-2025-5617

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/mre-config-react/MAL-2025-5617.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-5617
Published
2025-07-04T13:30:46Z
Modified
2025-07-06T02:44:24Z
Summary
Malicious code in mre-config-react (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (d5df0e2f360db4598ea5c0581dc6d9d9fd55e58f33b11cf940828c691e3791f8)

The OpenSSF Package Analysis project identified 'mre-config-react' @ 1.0.11 (npm) as malicious.

It is considered malicious because:

  • The package communicates with a domain associated with malicious activity.
Database specific 
{
    "malicious-packages-origins": [
        {
            "source": "ossf-package-analysis",
            "modified_time": "2025-07-04T13:30:46Z",
            "import_time": "2025-07-04T13:41:45.574087379Z",
            "versions": [
                "1.0.4"
            ],
            "sha256": "87103c3c11068320d1078238227c5a30947ed5b2670b6071ffa2c98e2addf5b7"
        },
        {
            "source": "ossf-package-analysis",
            "modified_time": "2025-07-05T22:29:18Z",
            "import_time": "2025-07-05T22:37:06.180883513Z",
            "versions": [
                "1.0.5"
            ],
            "sha256": "f51ab25d8dc6050bb57090676a39536bd0050aa98a19206aec9a5d1ae6b72695"
        },
        {
            "source": "ossf-package-analysis",
            "modified_time": "2025-07-05T22:53:32Z",
            "import_time": "2025-07-05T23:05:52.172704032Z",
            "versions": [
                "1.0.6"
            ],
            "sha256": "2337ab3445c95066ba8fc67ca6932e955c79f54566fcf3c0ac0dde9690f690d2"
        },
        {
            "source": "ossf-package-analysis",
            "modified_time": "2025-07-05T23:19:38Z",
            "import_time": "2025-07-05T23:35:54.019468733Z",
            "versions": [
                "1.0.9"
            ],
            "sha256": "d1f2734c010728f100418bdc655ec980c0a4f056326ebc197135f5ec144c71ee"
        },
        {
            "source": "ossf-package-analysis",
            "modified_time": "2025-07-05T23:10:59Z",
            "import_time": "2025-07-05T23:35:53.930614488Z",
            "versions": [
                "1.0.8"
            ],
            "sha256": "fde19426618dcccfb9342ddea3b186707a4ac9981eaf8f5fa1b0492cee29d0ec"
        },
        {
            "source": "ossf-package-analysis",
            "modified_time": "2025-07-06T00:25:56Z",
            "import_time": "2025-07-06T00:28:20.455581246Z",
            "versions": [
                "1.0.11"
            ],
            "sha256": "d5df0e2f360db4598ea5c0581dc6d9d9fd55e58f33b11cf940828c691e3791f8"
        },
        {
            "source": "ossf-package-analysis",
            "modified_time": "2025-07-06T01:37:16Z",
            "import_time": "2025-07-06T02:44:04.966105348Z",
            "versions": [
                "2.0.6"
            ],
            "sha256": "9e116a0a39418b3967cdaa44497420c02f94d39cdb6527c0415a39e3cf9ffec9"
        },
        {
            "source": "ossf-package-analysis",
            "modified_time": "2025-07-06T01:49:39Z",
            "import_time": "2025-07-06T02:44:05.131511381Z",
            "versions": [
                "2.0.7"
            ],
            "sha256": "d7868aa13c6fee8b89dc91932eeeab1a267f7cc54e816db61e009552699a0538"
        }
    ]
}
References
Credits

Affected packages

npm / mre-config-react

Package

Name
mre-config-react
View open source insights on deps.dev
Purl
pkg:npm/mre-config-react

Affected ranges

Affected versions

1.*

1.0.4
1.0.5
1.0.6
1.0.8
1.0.9
1.0.11

2.*

2.0.6
2.0.7