MAL-2026-1713

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/dotenv-node-cli/MAL-2026-1713.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-1713
Published
2026-03-18T12:47:39Z
Modified
2026-03-23T05:42:02.439425Z
Summary
Malicious code in dotenv-node-cli (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (f5f6b181cb56922381245597b93fd06147dd83845cd9467098172f6eab07a7c0)

The package dotenv-node-cli was found to contain malicious code.

Database specific 
{
    "malicious-packages-origins": [
        {
            "import_time": "2026-03-19T12:18:46.603286976Z",
            "versions": [
                "3.3.5"
            ],
            "modified_time": "2026-03-18T12:47:39Z",
            "id": "RLMA-2026-01256",
            "sha256": "47f9904f1d1f47b2cea85dcb73f5caf8e848a2dca9ad279bc04835f0fc3f7b2c",
            "source": "reversing-labs"
        },
        {
            "import_time": "2026-03-23T05:13:59.011163426Z",
            "versions": [
                "3.3.5"
            ],
            "modified_time": "2026-03-23T05:11:41Z",
            "sha256": "f5f6b181cb56922381245597b93fd06147dd83845cd9467098172f6eab07a7c0",
            "source": "amazon-inspector"
        }
    ]
}
References
Credits

Affected packages

npm / dotenv-node-cli

Package

Name
dotenv-node-cli
View open source insights on deps.dev
Purl
pkg:npm/dotenv-node-cli

Affected ranges

Affected versions

3.*
3.3.5

Database specific

source 
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/dotenv-node-cli/MAL-2026-1713.json"