MAL-2026-2364

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/env-node-cli/MAL-2026-2364.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-2364
Published
2026-03-24T15:44:15Z
Modified
2026-04-07T14:53:12.250159Z
Summary
Malicious code in env-node-cli (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (0b1b6f1e45cba2962a0ff258e15bc55427bc91725fb41409442324f1a19cf520)

The package env-node-cli was found to contain malicious code.

Database specific 
{
    "malicious-packages-origins": [
        {
            "source": "reversing-labs",
            "id": "RLMA-2026-01758",
            "versions": [
                "2.5.5"
            ],
            "import_time": "2026-04-01T12:26:08.47463279Z",
            "modified_time": "2026-03-24T15:44:15Z",
            "sha256": "84b40f149390b8a2bc35b579042d6fef3ebd93e6093935c74dd62e18aa941638"
        },
        {
            "source": "amazon-inspector",
            "versions": [
                "2.5.5"
            ],
            "import_time": "2026-04-07T14:39:22.0907818Z",
            "modified_time": "2026-04-07T14:24:50Z",
            "sha256": "0b1b6f1e45cba2962a0ff258e15bc55427bc91725fb41409442324f1a19cf520"
        }
    ]
}
References
Credits

Affected packages

npm / env-node-cli

Package

Name
env-node-cli
View open source insights on deps.dev
Purl
pkg:npm/env-node-cli

Affected ranges

Affected versions

2.*
2.5.5

Database specific

source 
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/env-node-cli/MAL-2026-2364.json"