MAL-2025-6390

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/eslint-config-pdffiller-typescript/MAL-2025-6390.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-6390
Published
2025-08-01T03:37:23Z
Modified
2025-08-29T06:43:16Z
Summary
Malicious code in eslint-config-pdffiller-typescript (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (bd433611287b0e5010c855eaeac600cc58e87febefac7a8fdcb27568a25d29f2)

The OpenSSF Package Analysis project identified 'eslint-config-pdffiller-typescript' @ 999.0.0 (npm) as malicious.

It is considered malicious because:

  • The package communicates with a domain associated with malicious activity.
Database specific 
{
    "malicious-packages-origins": [
        {
            "versions": [
                "999.0.0"
            ],
            "modified_time": "2025-08-01T03:37:23Z",
            "sha256": "bd433611287b0e5010c855eaeac600cc58e87febefac7a8fdcb27568a25d29f2",
            "source": "ossf-package-analysis",
            "import_time": "2025-08-01T03:41:57.468733796Z"
        },
        {
            "versions": [
                "99.0.0",
                "999.0.0"
            ],
            "modified_time": "2025-08-28T07:27:30Z",
            "sha256": "8ee54a6fbc49bec6d309f11913803f61ca5f1283bc1c9b2abc184315774b615a",
            "id": "RLMA-2025-04513",
            "source": "reversing-labs",
            "import_time": "2025-08-29T06:42:20.493946102Z"
        }
    ]
}
References
Credits

Affected packages

npm / eslint-config-pdffiller-typescript

Package

Name
eslint-config-pdffiller-typescript
View open source insights on deps.dev
Purl
pkg:npm/eslint-config-pdffiller-typescript

Affected ranges

Affected versions

99.*
99.0.0
999.*
999.0.0

Database specific

source 
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/eslint-config-pdffiller-typescript/MAL-2025-6390.json"