MAL-2026-2716
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@needl-ai/common/MAL-2026-2716.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2026-2716
- Published
- 2026-04-05T09:03:43Z
- Modified
- 2026-04-23T21:10:53.413106Z
- Summary
- Malicious code in @needl-ai/common (npm)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: amazon-inspector (e1b98ae2755d0fd7d61bc3dfd378dc1bad2eadf7ef0033ba66bbf1383a711e5c)
The package @needl-ai/common was found to contain malicious code.
Source: ossf-package-analysis (7eced6745ccb1cab99a3bf2df80ebdb76fa0d0275f88c1956dce1194b94a088e)
The OpenSSF Package Analysis project identified '@needl-ai/common' @ 99.99.2 (npm) as malicious.
It is considered malicious because:
- The package executes one or more commands associated with malicious behavior.
- Database specific
{ "malicious-packages-origins": [ { "id": "RLMA-2026-01861", "import_time": "2026-04-16T15:38:49.248872734Z", "sha256": "07f350bc78b2c6cdf7043391bb1605f22ad848daf744e21f70e4a5b09e90fd13", "source": "reversing-labs", "modified_time": "2026-04-16T09:35:35Z", "versions": [ "1.0.0", "99.99.2" ] }, { "import_time": "2026-04-20T00:43:14.899932342Z", "sha256": "7eced6745ccb1cab99a3bf2df80ebdb76fa0d0275f88c1956dce1194b94a088e", "source": "ossf-package-analysis", "modified_time": "2026-04-05T09:03:43Z", "versions": [ "99.99.2" ] }, { "import_time": "2026-04-23T20:49:06.210894006Z", "sha256": "e1b98ae2755d0fd7d61bc3dfd378dc1bad2eadf7ef0033ba66bbf1383a711e5c", "source": "amazon-inspector", "modified_time": "2026-04-23T20:43:56Z", "versions": [ "1.0.0", "99.99.2" ] } ] }- References
- Credits
-
-
- Amazon Inspector - FINDER
-
- OpenSSF: Package Analysis - FINDER
-
- ReversingLabs - FINDER
-
Affected packages
npm / @needl-ai/common
Package
- Name
- @needl-ai/common
- View open source insights on deps.dev
- Purl
- pkg:npm/%40needl-ai/common