MAL-2026-2383

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/phantom-module/MAL-2026-2383.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2026-2383

Published

2026-03-24T15:55:16Z

Modified

2026-04-07T14:55:18.667917Z

Summary

Malicious code in phantom-module (npm)

Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (679c2a8141e65585d4f03cd60fc7ae30d9c6f7ee8cbc3a0858860220efdfb08d)

The package phantom-module was found to contain malicious code.

Database specific

{
    "malicious-packages-origins": [
        {
            "source": "reversing-labs",
            "id": "RLMA-2026-01806",
            "versions": [
                "122.0.0",
                "123.0.0"
            ],
            "import_time": "2026-04-01T12:26:10.579114008Z",
            "modified_time": "2026-03-24T15:55:16Z",
            "sha256": "1e309f82e107b62200cb79cbb4f09157563f2e2c2a9663df4a3cb681c07910f8"
        },
        {
            "source": "amazon-inspector",
            "versions": [
                "122.0.0",
                "123.0.0"
            ],
            "import_time": "2026-04-07T14:39:11.894306086Z",
            "modified_time": "2026-04-07T14:24:50Z",
            "sha256": "679c2a8141e65585d4f03cd60fc7ae30d9c6f7ee8cbc3a0858860220efdfb08d"
        }
    ]
}

References

Credits

- Amazon Inspector - FINDER
- - actran@amazon.com
- ReversingLabs - FINDER
- - https://www.reversinglabs.com

Affected packages

npm / phantom-module

Package

Name: phantom-module; View open source insights on deps.dev
Purl: pkg:npm/phantom-module

Affected ranges

Affected versions

122.*

122.0.0

123.*

123.0.0

Database specific

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/phantom-module/MAL-2026-2383.json"