MAL-2026-1718

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/dpc-sign/MAL-2026-1718.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-1718
Published
2026-03-18T12:47:55Z
Modified
2026-03-23T05:42:04.858727Z
Summary
Malicious code in dpc-sign (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (9bed8f08989d03152c2c94da9546830570d0119faefe274f84df980495919a5e)

The package dpc-sign was found to contain malicious code.

Database specific 
{
    "malicious-packages-origins": [
        {
            "sha256": "68ca8f35ec6887077917f1492417a1e7915eac150138176ed1e51857435c701a",
            "source": "reversing-labs",
            "modified_time": "2026-03-18T12:47:55Z",
            "id": "RLMA-2026-01264",
            "versions": [
                "100.0.0"
            ],
            "import_time": "2026-03-19T12:18:47.248442301Z"
        },
        {
            "sha256": "9bed8f08989d03152c2c94da9546830570d0119faefe274f84df980495919a5e",
            "source": "amazon-inspector",
            "modified_time": "2026-03-23T05:11:41Z",
            "versions": [
                "100.0.0"
            ],
            "import_time": "2026-03-23T05:14:26.21736644Z"
        }
    ]
}
References
Credits

Affected packages

npm / dpc-sign

Package

Name
dpc-sign
View open source insights on deps.dev
Purl
pkg:npm/dpc-sign

Affected ranges

Affected versions

100.*
100.0.0

Database specific

source 
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/dpc-sign/MAL-2026-1718.json"