MAL-2026-1879

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/yahoo-commerce/MAL-2026-1879.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-1879
Published
2026-03-18T13:16:42Z
Modified
2026-03-23T05:47:22.691673Z
Summary
Malicious code in yahoo-commerce (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (e3725b1c28bf27cb9ae988e61fc0c7b790b588587cef59086e7d63460f2241a9)

The package yahoo-commerce was found to contain malicious code.

Database specific
{
    "malicious-packages-origins": [
        {
            "versions": [
                "99.99.99"
            ],
            "sha256": "1d9b1475309cbeddd6421c8d19e447f33607997ef2faf0c8d6f6fc6dd9ff4a75",
            "import_time": "2026-03-19T12:19:16.738165936Z",
            "modified_time": "2026-03-18T13:16:42Z",
            "id": "RLMA-2026-01662",
            "source": "reversing-labs"
        },
        {
            "sha256": "e3725b1c28bf27cb9ae988e61fc0c7b790b588587cef59086e7d63460f2241a9",
            "import_time": "2026-03-23T05:14:26.935499369Z",
            "modified_time": "2026-03-23T05:11:41Z",
            "source": "amazon-inspector",
            "versions": [
                "99.99.99"
            ]
        }
    ]
}
References
Credits

Affected packages

npm / yahoo-commerce

Package

Affected ranges

Affected versions

99.*
99.99.99

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/yahoo-commerce/MAL-2026-1879.json"