MAL-2026-2018
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@modals/blockchain/MAL-2026-2018.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2026-2018
- Published
- 2026-03-21T22:54:09Z
- Modified
- 2026-03-23T05:38:28.352405Z
- Summary
- Malicious code in @modals/blockchain (npm)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: amazon-inspector (9883b4336552c287c2c3ed9bb5888cc22173cd8b39fd181552f858607f0ffa70)
The package @modals/blockchain was found to contain malicious code.
Source: ossf-package-analysis (21323c6073b08f12b7cdd4f39bddd6eddde6bcde93041da8b41df45b79ae89e1)
The OpenSSF Package Analysis project identified '@modals/blockchain' @ 99999.0.1 (npm) as malicious.
It is considered malicious because:
The package communicates with a domain associated with malicious activity.
The package executes one or more commands associated with malicious behavior.
- Database specific
{ "malicious-packages-origins": [ { "source": "ossf-package-analysis", "versions": [ "99999.0.1" ], "import_time": "2026-03-21T23:09:18.378834745Z", "modified_time": "2026-03-21T22:57:53Z", "sha256": "21323c6073b08f12b7cdd4f39bddd6eddde6bcde93041da8b41df45b79ae89e1" }, { "source": "ossf-package-analysis", "versions": [ "99999.0.0" ], "import_time": "2026-03-21T23:09:18.315436975Z", "modified_time": "2026-03-21T22:54:09Z", "sha256": "22bfdc93e5d10d896a7e0dde6d162c209e246f0bfe3c550a0a5e1185b46eeb89" }, { "source": "amazon-inspector", "versions": [ "99999.0.1", "99999.0.0" ], "import_time": "2026-03-23T05:13:58.778786704Z", "modified_time": "2026-03-23T05:11:41Z", "sha256": "9883b4336552c287c2c3ed9bb5888cc22173cd8b39fd181552f858607f0ffa70" } ] }- References
-
- Credits
-
-
- Amazon Inspector - FINDER
-
- OpenSSF: Package Analysis - FINDER
-
Affected packages
npm / @modals/blockchain
Package
- Name
- @modals/blockchain
- View open source insights on deps.dev
- Purl
- pkg:npm/%40modals/blockchain