MAL-2026-1710

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/dotenv-cli-node/MAL-2026-1710.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-1710
Published
2026-03-18T12:47:27Z
Modified
2026-03-23T05:41:58.892892Z
Summary
Malicious code in dotenv-cli-node (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (914751db31692fb4c83c9e8e3e2fed123b349d261368499b9caf33dc411b62cd)

The package dotenv-cli-node was found to contain malicious code.

Database specific 
{
    "malicious-packages-origins": [
        {
            "import_time": "2026-03-19T12:18:45.692181938Z",
            "versions": [
                "2.4.5"
            ],
            "modified_time": "2026-03-18T12:47:27Z",
            "id": "RLMA-2026-01247",
            "sha256": "2b19cb30c02228173e0072ae436ce1d5e0c2f6eb6f9f7fa08755075813d6d63f",
            "source": "reversing-labs"
        },
        {
            "import_time": "2026-03-23T05:14:35.037692005Z",
            "versions": [
                "2.4.5"
            ],
            "modified_time": "2026-03-23T05:11:41Z",
            "sha256": "914751db31692fb4c83c9e8e3e2fed123b349d261368499b9caf33dc411b62cd",
            "source": "amazon-inspector"
        }
    ]
}
References
Credits

Affected packages

npm / dotenv-cli-node

Package

Name
dotenv-cli-node
View open source insights on deps.dev
Purl
pkg:npm/dotenv-cli-node

Affected ranges

Affected versions

2.*
2.4.5

Database specific

source 
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/dotenv-cli-node/MAL-2026-1710.json"