The package communicates with a domain associated with malicious activity.
-= Per source details. Do not edit below this line.=-
The OpenSSF Package Analysis project identified 'jenkins-trigger-action' @ 10.0.1 (npm) as malicious.
It is considered malicious because:
{
"malicious-packages-origins": [
{
"sha256": "fedbad1242e09329c414a95c493ce62c39c15cad4472ef5fc4a8b9b836834fb4",
"source": "ossf-package-analysis",
"import_time": "2025-08-18T06:09:44.557817944Z",
"modified_time": "2025-08-13T02:52:53Z",
"versions": [
"10.0.1"
]
},
{
"sha256": "0f97eff5dd54dd13845608b28c3008eaca991bcd852f48bad3f5c6c22358b43a",
"id": "RLMA-2025-04572",
"source": "reversing-labs",
"import_time": "2025-08-29T06:42:26.126399934Z",
"modified_time": "2025-08-28T07:31:41Z",
"versions": [
"1.0.0",
"2.0.1",
"6.1.2",
"6.3.3",
"6.3.4",
"10.0.1"
]
}
]
}