MAL-2026-2339

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/chai-as-chains/MAL-2026-2339.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-2339
Published
2026-03-24T15:39:59Z
Modified
2026-07-09T09:32:31.368832185Z
Summary
Malicious code in chai-as-chains (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (abf6eaadbaedff56f824c4c68f8af9138c01d40189e0225051d35c52dee1adc9)

The package chai-as-chains was found to contain malicious code.

Database specific
{
    "malicious-packages-origins": [
        {
            "versions": [
                "1.2.4"
            ],
            "id": "RLMA-2026-01717",
            "import_time": "2026-04-01T12:26:06.917549351Z",
            "sha256": "7f8ba179a67a575e55b370c591be26055c8f2528382e11880ef147cec6a01cb1",
            "modified_time": "2026-03-24T15:39:59Z",
            "source": "reversing-labs"
        },
        {
            "versions": [
                "1.2.4"
            ],
            "sha256": "abf6eaadbaedff56f824c4c68f8af9138c01d40189e0225051d35c52dee1adc9",
            "import_time": "2026-04-07T14:39:21.979737237Z",
            "modified_time": "2026-04-07T14:24:50Z",
            "source": "amazon-inspector"
        },
        {
            "versions": [
                "1.2.7",
                "1.2.8"
            ],
            "id": "RLUA-2026-04980",
            "import_time": "2026-07-09T09:17:06.293216133Z",
            "sha256": "58e7e56e2ca03a4c07554b7a3f08fb891991baffc564ce3ffea747332581ca1f",
            "modified_time": "2026-07-07T12:43:05Z",
            "source": "reversing-labs"
        }
    ]
}
References
Credits

Affected packages

npm / chai-as-chains

Package

Affected ranges

Affected versions

1.*
1.2.4
1.2.7
1.2.8

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/chai-as-chains/MAL-2026-2339.json"