MAL-2026-3184

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@breezeai-frontend/tailwind-config/MAL-2026-3184.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-3184
Published
2026-04-29T21:15:52Z
Modified
2026-05-05T00:07:14.289005Z
Summary
Malicious code in @breezeai-frontend/tailwind-config (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (93dd597412bdae22d265ee51f76a40cefa637f09bdf73cb7ede9ac63daf05ac8)

The package @breezeai-frontend/tailwind-config was found to contain malicious code.

Source: ossf-package-analysis (5191702f2f83e003cfcf35e73e89379f2bc00ea802baf50b2d2f4e25744743a4)

The OpenSSF Package Analysis project identified '@breezeai-frontend/tailwind-config' @ 99.99.99 (npm) as malicious.

It is considered malicious because:

  • The package executes one or more commands associated with malicious behavior.
Database specific 
{
    "malicious-packages-origins": [
        {
            "import_time": "2026-04-29T23:23:38.414153994Z",
            "sha256": "bd12b184ac36b35e21a57501e49f36004051dc406b5ed184edb98c82291a922f",
            "source": "ossf-package-analysis",
            "modified_time": "2026-04-29T21:15:52Z",
            "versions": [
                "1.0.0"
            ]
        },
        {
            "import_time": "2026-04-30T22:23:12.678414298Z",
            "sha256": "93dd597412bdae22d265ee51f76a40cefa637f09bdf73cb7ede9ac63daf05ac8",
            "source": "amazon-inspector",
            "modified_time": "2026-04-30T21:59:18Z",
            "versions": [
                "1.0.0"
            ]
        },
        {
            "import_time": "2026-05-04T03:13:22.887232947Z",
            "sha256": "5191702f2f83e003cfcf35e73e89379f2bc00ea802baf50b2d2f4e25744743a4",
            "source": "ossf-package-analysis",
            "modified_time": "2026-05-03T12:35:41Z",
            "versions": [
                "99.99.99"
            ]
        },
        {
            "import_time": "2026-05-04T23:49:26.559713779Z",
            "sha256": "a065043aea8681bb5e5b9f66d45fb9468f3551b7e88b7a442200a8d6eb240c2a",
            "source": "ossf-package-analysis",
            "modified_time": "2026-05-04T13:25:05Z",
            "versions": [
                "100.0.0"
            ]
        }
    ]
}
References
Credits

Affected packages

npm / @breezeai-frontend/tailwind-config

Package

Name
@breezeai-frontend/tailwind-config
View open source insights on deps.dev
Purl
pkg:npm/%40breezeai-frontend/tailwind-config

Affected ranges

Affected versions

1.*
1.0.0
99.*
99.99.99
100.*
100.0.0

Database specific

source 
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@breezeai-frontend/tailwind-config/MAL-2026-3184.json"