MAL-2026-1375

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@adamallana0909/apple-research-test/MAL-2026-1375.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-1375
Published
2026-03-12T14:05:43Z
Modified
2026-03-23T05:36:39.045820Z
Summary
Malicious code in @adamallana0909/apple-research-test (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (7d8bddd202efdf484dda4f9ff697fb7eab0e1227f76c736d92e6af21a85b89fe)

The package @adamallana0909/apple-research-test was found to contain malicious code.

Source: ossf-package-analysis (3af90fe9425ea0b697bf1e9400d9733a99f5bd46cf578b368dcd7859435775a1)

The OpenSSF Package Analysis project identified '@adamallana0909/apple-research-test' @ 99.9.46 (npm) as malicious.

It is considered malicious because:

  • The package executes one or more commands associated with malicious behavior.
Database specific 
{
    "malicious-packages-origins": [
        {
            "sha256": "3af90fe9425ea0b697bf1e9400d9733a99f5bd46cf578b368dcd7859435775a1",
            "import_time": "2026-03-12T22:43:28.062038939Z",
            "modified_time": "2026-03-12T14:33:53Z",
            "versions": [
                "99.9.46"
            ],
            "source": "ossf-package-analysis"
        },
        {
            "sha256": "89ad2ae9a5fd23b9cd85b979b5b6ead303ad56ab7ad48fb3f775c5bd02a8a527",
            "import_time": "2026-03-12T22:43:27.969638496Z",
            "modified_time": "2026-03-12T14:05:43Z",
            "versions": [
                "99.9.30"
            ],
            "source": "ossf-package-analysis"
        },
        {
            "sha256": "7d8bddd202efdf484dda4f9ff697fb7eab0e1227f76c736d92e6af21a85b89fe",
            "import_time": "2026-03-23T05:14:31.816313792Z",
            "modified_time": "2026-03-23T05:11:41Z",
            "versions": [
                "99.9.46",
                "99.9.30"
            ],
            "source": "amazon-inspector"
        }
    ]
}
References
Credits

Affected packages

npm / @adamallana0909/apple-research-test

Package

Name
@adamallana0909/apple-research-test
View open source insights on deps.dev
Purl
pkg:npm/%40adamallana0909/apple-research-test

Affected ranges

Affected versions

99.*
99.9.30
99.9.46

Database specific

source 
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@adamallana0909/apple-research-test/MAL-2026-1375.json"