MAL-2026-1684

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/chai-proxy/MAL-2026-1684.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-1684
Published
2026-03-18T12:43:24Z
Modified
2026-03-23T05:40:49.058735Z
Summary
Malicious code in chai-proxy (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (19abbfde079ce3f23e7c34a0234c9d56fc21ea648c3136c5034128e5d463d036)

The package chai-proxy was found to contain malicious code.

Database specific 
{
    "malicious-packages-origins": [
        {
            "sha256": "a7e5ae44fbed28810ffa7bed21dd831c43272b110c0b17296cf7cd3c42c9bf37",
            "source": "reversing-labs",
            "modified_time": "2026-03-18T12:43:24Z",
            "id": "RLMA-2026-01189",
            "versions": [
                "2.4.2",
                "2.4.3"
            ],
            "import_time": "2026-03-19T12:18:40.911657736Z"
        },
        {
            "sha256": "19abbfde079ce3f23e7c34a0234c9d56fc21ea648c3136c5034128e5d463d036",
            "source": "amazon-inspector",
            "modified_time": "2026-03-23T05:11:41Z",
            "versions": [
                "2.4.2",
                "2.4.3"
            ],
            "import_time": "2026-03-23T05:14:20.656826312Z"
        }
    ]
}
References
Credits

Affected packages

npm / chai-proxy

Package

Name
chai-proxy
View open source insights on deps.dev
Purl
pkg:npm/chai-proxy

Affected ranges

Affected versions

2.*
2.4.2
2.4.3

Database specific

source 
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/chai-proxy/MAL-2026-1684.json"