MAL-2026-2015

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/lingewindows/MAL-2026-2015.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-2015
Published
2026-03-21T15:46:11Z
Modified
2026-03-23T05:43:51.884386Z
Summary
Malicious code in lingewindows (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (1764671c9ae79c37db80b846d9e8efe94714732160dda25659a8e96f7dadb39d)

The package lingewindows was found to contain malicious code.

Source: ossf-package-analysis (e696256205c30e261ded5433b14a5b4d64d0afba5ec932a77ebcac248eceb80e)

The OpenSSF Package Analysis project identified 'lingewindows' @ 99.3.380452 (npm) as malicious.

It is considered malicious because:

  • The package communicates with a domain associated with malicious activity.

  • The package executes one or more commands associated with malicious behavior.

Database specific 
{
    "malicious-packages-origins": [
        {
            "source": "ossf-package-analysis",
            "versions": [
                "99.3.380452"
            ],
            "import_time": "2026-03-21T16:09:54.69288987Z",
            "modified_time": "2026-03-21T15:46:11Z",
            "sha256": "e696256205c30e261ded5433b14a5b4d64d0afba5ec932a77ebcac248eceb80e"
        },
        {
            "source": "amazon-inspector",
            "versions": [
                "99.3.380452"
            ],
            "import_time": "2026-03-23T05:14:32.52012927Z",
            "modified_time": "2026-03-23T05:11:41Z",
            "sha256": "1764671c9ae79c37db80b846d9e8efe94714732160dda25659a8e96f7dadb39d"
        }
    ]
}
References
Credits

Affected packages

npm / lingewindows

Package

Name
lingewindows
View open source insights on deps.dev
Purl
pkg:npm/lingewindows

Affected ranges

Affected versions

99.*
99.3.380452

Database specific

source 
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/lingewindows/MAL-2026-2015.json"