MAL-2026-10769

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/easyway2/MAL-2026-10769.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-10769
Aliases
  • GHSA-68c2-54w2-m326
Published
2026-07-17T12:44:58Z
Modified
2026-07-18T02:04:36.264190510Z
Summary
Malicious code in easyway2 (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: ghsa-malware (ece63ecb6a3067db91e95d2ae9ac5281e78bd204b775fd9d2a04437d7a009545)

Source: ossf-package-analysis (b70fe150bb8d389d4b3f437dff96763448359cafed12db8139236f3d40b88565)

The OpenSSF Package Analysis project identified 'easyway2' @ 1.0.3 (npm) as malicious.

It is considered malicious because:

  • The package communicates with a domain associated with malicious activity.

Credit: OpenSSF (source)

Source: ossf-package-analysis (b70fe150bb8d389d4b3f437dff96763448359cafed12db8139236f3d40b88565)

The OpenSSF Package Analysis project identified 'easyway2' @ 1.0.3 (npm) as malicious.

It is considered malicious because:

  • The package communicates with a domain associated with malicious activity.
Database specific
{
    "malicious-packages-origins": [
        {
            "sha256": "b70fe150bb8d389d4b3f437dff96763448359cafed12db8139236f3d40b88565",
            "import_time": "2026-07-17T12:58:02.018368476Z",
            "modified_time": "2026-07-17T12:44:58Z",
            "source": "ossf-package-analysis",
            "versions": [
                "1.0.3"
            ]
        },
        {
            "sha256": "dff64fea0cd0fc61895597193439279782028def9d61a53fa870e90a4cfb7a50",
            "modified_time": "2026-07-17T14:10:44Z",
            "versions": [
                "1.0.7"
            ],
            "source": "ossf-package-analysis",
            "import_time": "2026-07-17T14:36:10.405326207Z"
        },
        {
            "versions": [
                "1.0.7",
                "1.0.3"
            ],
            "sha256": "ece63ecb6a3067db91e95d2ae9ac5281e78bd204b775fd9d2a04437d7a009545",
            "import_time": "2026-07-18T01:54:31.677359494Z",
            "modified_time": "2026-07-18T01:23:05Z",
            "source": "ghsa-malware",
            "id": "GHSA-68c2-54w2-m326"
        }
    ]
}
References
Credits

Affected packages

npm / easyway2

Package

Affected ranges

Affected versions

1.*
1.0.3
1.0.7

Database specific

cwes
[
    {
        "cweId": "CWE-506",
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature."
    }
]
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/easyway2/MAL-2026-10769.json"