MAL-2026-1795

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/nchain-clone/MAL-2026-1795.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2026-1795

Published

2026-03-18T13:00:26Z

Modified

2026-03-23T05:44:19.866708Z

Summary

Malicious code in nchain-clone (npm)

Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (eac539849e0053adcf6d0d4967489d0b945897e27f64928ad5ed80b097fff8ee)

The package nchain-clone was found to contain malicious code.

Database specific

{
    "malicious-packages-origins": [
        {
            "id": "RLMA-2026-01443",
            "import_time": "2026-03-19T12:19:02.365883142Z",
            "sha256": "5d8348156b4d40ff033d09046ce5115e49eb3c73e3899e92e861cba0495205f0",
            "source": "reversing-labs",
            "modified_time": "2026-03-18T13:00:26Z",
            "versions": [
                "3.3.5"
            ]
        },
        {
            "import_time": "2026-03-23T05:14:10.602393192Z",
            "sha256": "eac539849e0053adcf6d0d4967489d0b945897e27f64928ad5ed80b097fff8ee",
            "source": "amazon-inspector",
            "modified_time": "2026-03-23T05:11:41Z",
            "versions": [
                "3.3.5"
            ]
        }
    ]
}

References

Credits

- Amazon Inspector - FINDER
- - actran@amazon.com
- ReversingLabs - FINDER
- - https://www.reversinglabs.com

Affected packages

npm / nchain-clone

Package

Name: nchain-clone; View open source insights on deps.dev
Purl: pkg:npm/nchain-clone

Affected ranges

Affected versions

3.*

3.3.5

Database specific

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/nchain-clone/MAL-2026-1795.json"