MAL-2026-2719

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@youcanneverguessthisonereally/test-pkg/MAL-2026-2719.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-2719
Published
2026-04-16T09:42:05Z
Modified
2026-04-23T21:12:18.568416Z
Summary
Malicious code in @youcanneverguessthisonereally/test-pkg (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (aee30c3c314a7edd599cfa020d43c4fdc7dec927af6e0af8a7772a3b25d8b63c)

The package @youcanneverguessthisonereally/test-pkg was found to contain malicious code.

Database specific 
{
    "malicious-packages-origins": [
        {
            "versions": [
                "1.0.0"
            ],
            "modified_time": "2026-04-16T09:42:05Z",
            "sha256": "3ac6a911aacd0a2e6f13a1c93055590ef4297fe6780f5e9e1fd0c78ed5ba4360",
            "id": "RLMA-2026-01871",
            "source": "reversing-labs",
            "import_time": "2026-04-16T15:38:50.913619483Z"
        },
        {
            "versions": [
                "1.0.0"
            ],
            "modified_time": "2026-04-23T20:43:56Z",
            "sha256": "aee30c3c314a7edd599cfa020d43c4fdc7dec927af6e0af8a7772a3b25d8b63c",
            "source": "amazon-inspector",
            "import_time": "2026-04-23T20:49:09.917400714Z"
        }
    ]
}
References
Credits

Affected packages

npm / @youcanneverguessthisonereally/test-pkg

Package

Name
@youcanneverguessthisonereally/test-pkg
View open source insights on deps.dev
Purl
pkg:npm/%40youcanneverguessthisonereally/test-pkg

Affected ranges

Affected versions

1.*
1.0.0

Database specific

source 
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@youcanneverguessthisonereally/test-pkg/MAL-2026-2719.json"