MAL-2026-1578

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/browser-gaming-client/MAL-2026-1578.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2026-1578

Published

2026-03-19T07:25:41Z

Modified

2026-03-23T05:39:24.788494Z

Summary

Malicious code in browser-gaming-client (npm)

Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (6192938bfd5be1cecf133866c6e290b57293bede88ca5b11d8af9aab40bae003)

The package browser-gaming-client was found to contain malicious code.

Source: ossf-package-analysis (7e9007604eefaa8b83b60ceee0ec3b2c45b2c0c666016fca81dc74eb94c21bcb)

The OpenSSF Package Analysis project identified 'browser-gaming-client' @ 99.0.0 (npm) as malicious.

It is considered malicious because:

The package communicates with a domain associated with malicious activity.

Database specific

{
    "malicious-packages-origins": [
        {
            "versions": [
                "99.0.0"
            ],
            "import_time": "2026-03-19T07:48:06.885384102Z",
            "modified_time": "2026-03-19T07:25:41Z",
            "sha256": "7e9007604eefaa8b83b60ceee0ec3b2c45b2c0c666016fca81dc74eb94c21bcb",
            "source": "ossf-package-analysis"
        },
        {
            "versions": [
                "99.0.3"
            ],
            "import_time": "2026-03-19T08:18:07.054889942Z",
            "modified_time": "2026-03-19T07:55:41Z",
            "sha256": "bef51d1e3b201fe1599636d4dbb8c131b18d6a53bda4f97eeee5cc34191413c4",
            "source": "ossf-package-analysis"
        },
        {
            "versions": [
                "99.0.4"
            ],
            "import_time": "2026-03-19T08:18:07.273089256Z",
            "modified_time": "2026-03-19T08:09:15Z",
            "sha256": "d76349504f0aec6d7be105b14fafe74e673913f1ceb8652a8ef786cce58d0d22",
            "source": "ossf-package-analysis"
        },
        {
            "versions": [
                "99.0.5"
            ],
            "import_time": "2026-03-19T08:47:48.193930852Z",
            "modified_time": "2026-03-19T08:42:46Z",
            "sha256": "499817d13773aa120b362da4545ff53901a8061328741dfce8dfd8ae9911360a",
            "source": "ossf-package-analysis"
        },
        {
            "versions": [
                "99.0.0",
                "99.0.3",
                "99.0.4",
                "99.0.5"
            ],
            "import_time": "2026-03-23T05:13:59.792820308Z",
            "modified_time": "2026-03-23T05:11:41Z",
            "sha256": "6192938bfd5be1cecf133866c6e290b57293bede88ca5b11d8af9aab40bae003",
            "source": "amazon-inspector"
        }
    ]
}

References

Credits

- Amazon Inspector - FINDER
- - actran@amazon.com
- OpenSSF: Package Analysis - FINDER
- - https://github.com/ossf/package-analysis
  - https://openssf.slack.com/channels/package_analysis

Affected packages

npm / browser-gaming-client

Package

Name: browser-gaming-client; View open source insights on deps.dev
Purl: pkg:npm/browser-gaming-client

Affected ranges

Affected versions

99.*

99.0.0

99.0.3

99.0.4

99.0.5

Database specific

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/browser-gaming-client/MAL-2026-1578.json"