MAL-2026-1881

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/zip.js-2.8.2/MAL-2026-1881.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-1881
Published
2026-03-18T13:17:25Z
Modified
2026-03-23T05:47:21.907206Z
Summary
Malicious code in zip.js-2.8.2 (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (10faa984dcce106c0df9aa067d4df43300087a73598df5ef841c874d9b507042)

The package zip.js-2.8.2 was found to contain malicious code.

Database specific
{
    "malicious-packages-origins": [
        {
            "versions": [
                "99.0.0"
            ],
            "sha256": "a9474290242e32ee175676a2a7aa372fa5b34cc90125f9df49139ff1fc156ae8",
            "import_time": "2026-03-19T12:19:17.688029282Z",
            "modified_time": "2026-03-18T13:17:25Z",
            "id": "RLMA-2026-01672",
            "source": "reversing-labs"
        },
        {
            "sha256": "10faa984dcce106c0df9aa067d4df43300087a73598df5ef841c874d9b507042",
            "import_time": "2026-03-23T05:14:19.504810127Z",
            "modified_time": "2026-03-23T05:11:41Z",
            "source": "amazon-inspector",
            "versions": [
                "99.0.0"
            ]
        }
    ]
}
References
Credits

Affected packages

npm / zip.js-2.8.2

Package

Affected ranges

Affected versions

99.*
99.0.0

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/zip.js-2.8.2/MAL-2026-1881.json"