MAL-2026-2377

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/no-function-declare-after-return/MAL-2026-2377.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-2377
Published
2026-03-24T15:53:17Z
Modified
2026-04-07T14:54:44.733203Z
Summary
Malicious code in no-function-declare-after-return (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (40f5de9e9b3e66259de31f34cf47ef3b38b8fefc1e80d860c6dab7cade495bca)

The package no-function-declare-after-return was found to contain malicious code.

Database specific 
{
    "malicious-packages-origins": [
        {
            "id": "RLMA-2026-01795",
            "sha256": "1765f8d2f3a39520b1372749ce87a89bd4b9cfbb244acaebb1d7d1b4dee61f82",
            "import_time": "2026-04-01T12:26:10.051175546Z",
            "source": "reversing-labs",
            "modified_time": "2026-03-24T15:53:17Z",
            "versions": [
                "5.1.0"
            ]
        },
        {
            "import_time": "2026-04-07T14:39:14.347079693Z",
            "sha256": "40f5de9e9b3e66259de31f34cf47ef3b38b8fefc1e80d860c6dab7cade495bca",
            "source": "amazon-inspector",
            "modified_time": "2026-04-07T14:24:50Z",
            "versions": [
                "5.1.0"
            ]
        }
    ]
}
References
Credits

Affected packages

npm / no-function-declare-after-return

Package

Name
no-function-declare-after-return
View open source insights on deps.dev
Purl
pkg:npm/no-function-declare-after-return

Affected ranges

Affected versions

5.*
5.1.0

Database specific

source 
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/no-function-declare-after-return/MAL-2026-2377.json"