MAL-2026-2872
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/ts-form-helpers/MAL-2026-2872.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2026-2872
- Published
- 2026-04-11T14:19:50Z
- Modified
- 2026-04-23T21:18:26.954013Z
- Summary
- Malicious code in ts-form-helpers (npm)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: amazon-inspector (8f2ff1bf87164fdeb2ca9c37d578f7156164a344ffd11bcdb84ce34880358fea)
The package ts-form-helpers was found to contain malicious code.
Source: ossf-package-analysis (03c4b487f2e5dc4371e52ec785f67e4136f90bdc76b4d606d5b5b35144efe923)
The OpenSSF Package Analysis project identified 'ts-form-helpers' @ 1.0.18 (npm) as malicious.
It is considered malicious because:
- The package executes one or more commands associated with malicious behavior.
- Database specific
{ "malicious-packages-origins": [ { "import_time": "2026-04-20T00:43:17.371109645Z", "sha256": "03c4b487f2e5dc4371e52ec785f67e4136f90bdc76b4d606d5b5b35144efe923", "source": "ossf-package-analysis", "modified_time": "2026-04-12T01:03:18Z", "versions": [ "1.0.18" ] }, { "import_time": "2026-04-20T00:43:16.967682737Z", "sha256": "0c314d26df0c2daea5f69869dbb4b1959738d2873570f7e027f6350faf9a0786", "source": "ossf-package-analysis", "modified_time": "2026-04-11T20:29:16Z", "versions": [ "1.0.13" ] }, { "import_time": "2026-04-20T00:43:16.65297946Z", "sha256": "90abb53d102a0c368314be204c03f283f3e54d0fd792679f2e0019cd79f08c1f", "source": "ossf-package-analysis", "modified_time": "2026-04-11T19:29:46Z", "versions": [ "1.0.10" ] }, { "import_time": "2026-04-20T00:43:15.77933224Z", "sha256": "92661520265b266a63bb83aadd1a3c9400ac1dcfb640d8dfb8b1122fe46bedbf", "source": "ossf-package-analysis", "modified_time": "2026-04-11T14:19:50Z", "versions": [ "1.0.2" ] }, { "import_time": "2026-04-20T00:43:17.167483226Z", "sha256": "bf77b5d83fbfb16ddd9cac5fcfb5dc0e715a4bbb3c4cc351e49906d09ee92764", "source": "ossf-package-analysis", "modified_time": "2026-04-11T23:35:41Z", "versions": [ "1.0.16" ] }, { "import_time": "2026-04-20T00:43:16.444594565Z", "sha256": "1aa47687404163838140764087de91930e8bdb0fd7d00c08ab75a674456c505b", "source": "ossf-package-analysis", "modified_time": "2026-04-11T18:26:51Z", "versions": [ "1.0.7" ] }, { "import_time": "2026-04-20T00:43:16.54490758Z", "sha256": "bcb126288f47f8bb0fd5197879fa01fd64e775d279a3ca662450030a0dc998db", "source": "ossf-package-analysis", "modified_time": "2026-04-11T19:20:55Z", "versions": [ "1.0.9" ] }, { "import_time": "2026-04-20T00:43:16.755920281Z", "sha256": "43946e88377c56bb8ef8e37cee38ccb875164cbf924ee69ddd1cf6382de11520", "source": "ossf-package-analysis", "modified_time": "2026-04-11T19:45:23Z", "versions": [ "1.0.11" ] }, { "import_time": "2026-04-20T00:43:16.861330397Z", "sha256": "53a68de24f292b0872d2be6d02dc83cb667f7d91a39410de43e5bcac5cf07d15", "source": "ossf-package-analysis", "modified_time": "2026-04-11T20:10:43Z", "versions": [ "1.0.12" ] }, { "import_time": "2026-04-20T00:43:16.089083843Z", "sha256": "5e57c38d30ad43e284f27321e5f92270205f0419b02b43a22c2c62c1ae0994f9", "source": "ossf-package-analysis", "modified_time": "2026-04-11T14:39:09Z", "versions": [ "1.0.1" ] }, { "import_time": "2026-04-20T00:43:16.311327892Z", "sha256": "843fcd3bd5be9b4334b1cced2bd896f1e34c6855979dc2e47bb2b3ccf746da48", "source": "ossf-package-analysis", "modified_time": "2026-04-11T15:03:51Z", "versions": [ "1.0.6" ] }, { "import_time": "2026-04-20T00:43:15.991357981Z", "sha256": "ac3a22d5b0392c96b73e7703507748438bd423812b133c4d6ac566a6ffa5ff10", "source": "ossf-package-analysis", "modified_time": "2026-04-11T14:35:37Z", "versions": [ "1.0.5" ] }, { "import_time": "2026-04-20T00:43:15.870337808Z", "sha256": "ce1d349f2b5bf175488006f4761309c092e8fed24e6428514e5c87f74154797d", "source": "ossf-package-analysis", "modified_time": "2026-04-11T14:21:17Z", "versions": [ "1.0.3" ] }, { "import_time": "2026-04-20T00:43:17.066973838Z", "sha256": "fac138f8c03eace59fc49d61ae383155af4b82963d9cc29d5085d6cdfb6b31c5", "source": "ossf-package-analysis", "modified_time": "2026-04-11T22:15:14Z", "versions": [ "1.0.15" ] }, { "import_time": "2026-04-20T00:43:17.270613774Z", "sha256": "a9f421ecc63fb7d76fde7b8e0f9ee85d74092f82f3aed33cab67e45e218c65b0", "source": "ossf-package-analysis", "modified_time": "2026-04-12T00:08:44Z", "versions": [ "1.0.17" ] }, { "import_time": "2026-04-20T00:43:16.206330354Z", "sha256": "de6fa1ca65abdc6b7d0ffcd9aee006dbb164de70ad1e0cd604a4ec5ae7bcfdf4", "source": "ossf-package-analysis", "modified_time": "2026-04-11T14:52:58Z", "versions": [ "1.0.4" ] }, { "import_time": "2026-04-23T20:49:02.13912721Z", "sha256": "8f2ff1bf87164fdeb2ca9c37d578f7156164a344ffd11bcdb84ce34880358fea", "source": "amazon-inspector", "modified_time": "2026-04-23T20:43:56Z", "versions": [ "1.0.18", "1.0.13", "1.0.10", "1.0.2", "1.0.16", "1.0.7", "1.0.9", "1.0.11", "1.0.12", "1.0.1", "1.0.6", "1.0.5", "1.0.3", "1.0.15", "1.0.17", "1.0.4" ] } ] }- References
-
- Credits
-
-
- Amazon Inspector - FINDER
-
- OpenSSF: Package Analysis - FINDER
-
Affected packages
npm / ts-form-helpers
Package
- Name
- ts-form-helpers
- View open source insights on deps.dev
- Purl
- pkg:npm/ts-form-helpers