MAL-2026-1052

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/foundry-toolkit/MAL-2026-1052.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2026-1052

Published

2026-02-26T20:50:45Z

Modified

2026-03-02T00:43:20.217881Z

Summary

Malicious code in foundry-toolkit (npm)

Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (3762da1ba2c85b0e0210a98196cefcf7914ab00712944886cb47409656409ac6)

The package foundry-toolkit was found to contain malicious code.

Source: ossf-package-analysis (44b93dc5ab17da98c60cb972bea12ad4520e07c984b696d03899e70893c450c8)

The OpenSSF Package Analysis project identified 'foundry-toolkit' @ 1.0.11 (npm) as malicious.

It is considered malicious because:

The package communicates with a domain associated with malicious activity.
The package executes one or more commands associated with malicious behavior.

Database specific

{
    "malicious-packages-origins": [
        {
            "source": "ossf-package-analysis",
            "versions": [
                "1.0.5"
            ],
            "import_time": "2026-02-26T22:12:20.327370381Z",
            "modified_time": "2026-02-26T21:08:39Z",
            "sha256": "3cf89e35ab285581fe9085242663e96ab85dc5372633551f98c0bf406715a6b2"
        },
        {
            "source": "ossf-package-analysis",
            "versions": [
                "1.0.2"
            ],
            "import_time": "2026-02-26T22:12:20.227156973Z",
            "modified_time": "2026-02-26T20:57:06Z",
            "sha256": "9c0e248201666dadac5d03f4b6377a8df3fe5e0cb00ad0223d9da80dc8c07543"
        },
        {
            "source": "ossf-package-analysis",
            "versions": [
                "1.0.1"
            ],
            "import_time": "2026-02-26T22:12:20.151073212Z",
            "modified_time": "2026-02-26T20:50:45Z",
            "sha256": "cf5423d6ae5d78958a3a5767a6d19591200596a5634427b8f7769705de2ccc5f"
        },
        {
            "source": "amazon-inspector",
            "versions": [
                "1.0.5",
                "1.0.2",
                "1.0.1"
            ],
            "import_time": "2026-03-01T20:41:58.868208011Z",
            "modified_time": "2026-03-01T20:25:57Z",
            "sha256": "3762da1ba2c85b0e0210a98196cefcf7914ab00712944886cb47409656409ac6"
        },
        {
            "source": "ossf-package-analysis",
            "versions": [
                "1.0.11"
            ],
            "import_time": "2026-03-02T00:33:48.117421361Z",
            "modified_time": "2026-02-26T22:26:02Z",
            "sha256": "44b93dc5ab17da98c60cb972bea12ad4520e07c984b696d03899e70893c450c8"
        },
        {
            "source": "ossf-package-analysis",
            "versions": [
                "1.0.14"
            ],
            "import_time": "2026-03-02T00:33:48.325570193Z",
            "modified_time": "2026-02-27T01:35:52Z",
            "sha256": "44eb04016af9a8d0b91bc628f6a6d69b0fa4c0e9f2f54b4faa7cc81e19485a58"
        },
        {
            "source": "ossf-package-analysis",
            "versions": [
                "1.0.9"
            ],
            "import_time": "2026-03-02T00:33:47.942413268Z",
            "modified_time": "2026-02-26T21:41:53Z",
            "sha256": "cb16385d7092af7cebb2b2a64518b638584e8837d4b215d9c3fa23d2a84fe9c0"
        }
    ]
}

References

Credits

- Amazon Inspector - FINDER
- - actran@amazon.com
- OpenSSF: Package Analysis - FINDER
- - https://github.com/ossf/package-analysis
  - https://openssf.slack.com/channels/package_analysis

Affected packages

npm / foundry-toolkit

Package

Name: foundry-toolkit; View open source insights on deps.dev
Purl: pkg:npm/foundry-toolkit

Affected ranges

Affected versions

1.*

1.0.1

1.0.2

1.0.5

1.0.9

1.0.11

1.0.14

Database specific

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/foundry-toolkit/MAL-2026-1052.json"