MAL-2026-125

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/kmeet/MAL-2026-125.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-125
Published
2026-01-07T07:40:31Z
Modified
2026-01-08T09:37:10.985920Z
Summary
Malicious code in kmeet (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (0007533264dfce09777a32ebaa374e6f78f7af5ea6d8df57d7a92ce22590a09e)

The package kmeet was found to contain malicious code.

Source: ossf-package-analysis (6d1b109e5fb22408addfc93b1e1c172970312ae04f4b194bf5156abb941742ff)

The OpenSSF Package Analysis project identified 'kmeet' @ 77.7.7 (npm) as malicious.

It is considered malicious because:

  • The package communicates with a domain associated with malicious activity.

  • The package executes one or more commands associated with malicious behavior.

Database specific 
{
    "malicious-packages-origins": [
        {
            "import_time": "2026-01-07T08:09:38.779907935Z",
            "modified_time": "2026-01-07T07:40:31Z",
            "source": "ossf-package-analysis",
            "sha256": "6d1b109e5fb22408addfc93b1e1c172970312ae04f4b194bf5156abb941742ff",
            "versions": [
                "77.7.7"
            ]
        },
        {
            "import_time": "2026-01-08T09:11:23.052514547Z",
            "modified_time": "2026-01-08T09:02:00Z",
            "source": "amazon-inspector",
            "sha256": "0007533264dfce09777a32ebaa374e6f78f7af5ea6d8df57d7a92ce22590a09e",
            "versions": [
                "77.7.7"
            ]
        }
    ]
}
References
Credits

Affected packages

npm / kmeet

Package

Name
kmeet
View open source insights on deps.dev
Purl
pkg:npm/kmeet

Affected ranges

Affected versions

77.*
77.7.7

Database specific

source 
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/kmeet/MAL-2026-125.json"