MAL-2026-1037
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/get-fonts/MAL-2026-1037.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2026-1037
- Published
- 2026-02-25T04:20:48Z
- Modified
- 2026-03-19T12:44:34.954202Z
- Summary
- Malicious code in get-fonts (npm)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: amazon-inspector (8d55d952f3fb507a89362a1535e7cf7d781b6f26e82c7130ca008af612bfddf4)
The package get-fonts was found to contain malicious code.
Source: ossf-package-analysis (a255823975ed0735c5e9f65f1bb25526673b56262c85cacdae52072ef8b7910b)
The OpenSSF Package Analysis project identified 'get-fonts' @ 9.9.9 (npm) as malicious.
It is considered malicious because:
- The package executes one or more commands associated with malicious behavior.
- Database specific
{ "malicious-packages-origins": [ { "import_time": "2026-02-26T01:37:59.943223273Z", "sha256": "a255823975ed0735c5e9f65f1bb25526673b56262c85cacdae52072ef8b7910b", "source": "ossf-package-analysis", "modified_time": "2026-02-25T04:20:48Z", "versions": [ "9.9.9" ] }, { "import_time": "2026-03-01T20:41:58.374546171Z", "sha256": "8d55d952f3fb507a89362a1535e7cf7d781b6f26e82c7130ca008af612bfddf4", "source": "amazon-inspector", "modified_time": "2026-03-01T20:25:57Z", "versions": [ "9.9.9" ] }, { "id": "RLMA-2026-01333", "sha256": "2e0693155674102e265f96e09d2d85a210daac8246ba41e4a9961d5a7c16f682", "import_time": "2026-03-19T12:18:53.693160334Z", "source": "reversing-labs", "modified_time": "2026-03-18T12:52:40Z", "versions": [ "9.9.9" ] } ] }- References
-
- Credits
-
-
- Amazon Inspector - FINDER
-
- OpenSSF: Package Analysis - FINDER
-
- ReversingLabs - FINDER
-
Affected packages
npm / get-fonts
Package
- Name
- get-fonts
- View open source insights on deps.dev
- Purl
- pkg:npm/get-fonts