MAL-2026-1376

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@appleseed-apple/ac-sasskit/MAL-2026-1376.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-1376
Published
2026-03-12T11:35:51Z
Modified
2026-03-23T05:37:18.527116Z
Summary
Malicious code in @appleseed-apple/ac-sasskit (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (88124096765095b75d53f5129410a02db9d3966422e222d21b811aa0699ea725)

The package @appleseed-apple/ac-sasskit was found to contain malicious code.

Source: ossf-package-analysis (a2438dea0d9c11785c29b36ff7920dbfd9412490895daef75183203268e86947)

The OpenSSF Package Analysis project identified '@appleseed-apple/ac-sasskit' @ 99.9.9 (npm) as malicious.

It is considered malicious because:

  • The package executes one or more commands associated with malicious behavior.
Database specific 
{
    "malicious-packages-origins": [
        {
            "modified_time": "2026-03-12T11:35:51Z",
            "versions": [
                "99.9.9"
            ],
            "sha256": "a2438dea0d9c11785c29b36ff7920dbfd9412490895daef75183203268e86947",
            "source": "ossf-package-analysis",
            "import_time": "2026-03-12T22:43:27.872068904Z"
        },
        {
            "modified_time": "2026-03-23T05:11:41Z",
            "versions": [
                "99.9.9"
            ],
            "sha256": "88124096765095b75d53f5129410a02db9d3966422e222d21b811aa0699ea725",
            "source": "amazon-inspector",
            "import_time": "2026-03-23T05:14:01.880604394Z"
        }
    ]
}
References
Credits

Affected packages

npm / @appleseed-apple/ac-sasskit

Package

Name
@appleseed-apple/ac-sasskit
View open source insights on deps.dev
Purl
pkg:npm/%40appleseed-apple/ac-sasskit

Affected ranges

Affected versions

99.*
99.9.9

Database specific

source 
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@appleseed-apple/ac-sasskit/MAL-2026-1376.json"