MAL-2026-3032

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/js-component-explorer/MAL-2026-3032.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-3032
Published
2026-04-25T08:43:55Z
Modified
2026-04-25T09:04:12.592112Z
Summary
Malicious code in js-component-explorer (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (1852a79d37f8be058078b799bf0ac69ac4eef568596a5906c8dcb6213fb44b47)

The OpenSSF Package Analysis project identified 'js-component-explorer' @ 99.9.16 (npm) as malicious.

It is considered malicious because:

  • The package communicates with a domain associated with malicious activity.

  • The package executes one or more commands associated with malicious behavior.

Database specific 
{
    "malicious-packages-origins": [
        {
            "sha256": "1852a79d37f8be058078b799bf0ac69ac4eef568596a5906c8dcb6213fb44b47",
            "modified_time": "2026-04-25T08:43:55Z",
            "source": "ossf-package-analysis",
            "import_time": "2026-04-25T08:49:03.531811218Z",
            "versions": [
                "99.9.16"
            ]
        },
        {
            "sha256": "52880cb9ad3706768d83d6ec6f18d8ce36274a8c2a04421878a05da9c079f357",
            "modified_time": "2026-04-25T08:45:38Z",
            "source": "ossf-package-analysis",
            "import_time": "2026-04-25T08:49:03.606587145Z",
            "versions": [
                "99.9.17"
            ]
        }
    ]
}
References
Credits

Affected packages

npm / js-component-explorer

Package

Name
js-component-explorer
View open source insights on deps.dev
Purl
pkg:npm/js-component-explorer

Affected ranges

Affected versions

99.*
99.9.16
99.9.17

Database specific

source 
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/js-component-explorer/MAL-2026-3032.json"