MAL-2025-6737

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/newrelic-scheduler/MAL-2025-6737.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-6737
Published
2025-08-02T09:16:16Z
Modified
2025-08-05T06:46:43Z
Summary
Malicious code in newrelic-scheduler (npm)
Details

The package communicates with a domain associated with malicious activity.


-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (283d0b11edc13929f769d9072e403ef35901c2c26167edbfadb2573cbadaa850)

The OpenSSF Package Analysis project identified 'newrelic-scheduler' @ 1.1.2 (npm) as malicious.

It is considered malicious because:

  • The package executes one or more commands associated with malicious behavior.
Database specific
{
    "malicious-packages-origins": [
        {
            "sha256": "283d0b11edc13929f769d9072e403ef35901c2c26167edbfadb2573cbadaa850",
            "source": "ossf-package-analysis",
            "import_time": "2025-08-05T06:46:14.81823383Z",
            "modified_time": "2025-08-02T10:00:48Z",
            "versions": [
                "1.1.2"
            ]
        },
        {
            "sha256": "648e3fc59a43920b3a347c8cbcf53c76ebbf141113527c6d6c9713adb6f6fe07",
            "source": "ossf-package-analysis",
            "import_time": "2025-08-05T06:46:14.304769434Z",
            "modified_time": "2025-08-02T09:16:16Z",
            "versions": [
                "1.0.1"
            ]
        },
        {
            "sha256": "7c011fd9be2efce6737c343219bd3c416fc454ff94ef5918e6138842952a363b",
            "source": "ossf-package-analysis",
            "import_time": "2025-08-05T06:46:14.589319232Z",
            "modified_time": "2025-08-02T09:49:42Z",
            "versions": [
                "1.0.7"
            ]
        },
        {
            "sha256": "8b7c2a5a560f8f878a6e5e8c2b909a0492a561d2c3d4d4548204a020d2497461",
            "source": "ossf-package-analysis",
            "import_time": "2025-08-05T06:46:14.447533581Z",
            "modified_time": "2025-08-02T09:42:15Z",
            "versions": [
                "1.0.5"
            ]
        },
        {
            "sha256": "e04d1963c75c5dddbdf816eaa88b878722d1ddd3396e24b5ab796a3fa0cd36b9",
            "source": "ossf-package-analysis",
            "import_time": "2025-08-05T06:46:14.709081234Z",
            "modified_time": "2025-08-02T09:53:33Z",
            "versions": [
                "1.0.9"
            ]
        }
    ]
}
References
Credits

Affected packages

npm / newrelic-scheduler

Package

Affected ranges

Type
SEMVER
Events
Introduced
1.0.1

Affected versions

1.*
1.0.1
1.0.5
1.0.7
1.0.9
1.1.2

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/newrelic-scheduler/MAL-2025-6737.json"