MAL-2026-3412
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/post-purchase-bundler/MAL-2026-3412.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2026-3412
- Published
- 2026-05-10T10:00:29Z
- Modified
- 2026-05-12T07:57:51.976605Z
- Summary
- Malicious code in post-purchase-bundler (npm)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: amazon-inspector (3a33aa69ef958573a786f3db208d8ee335829e14009d1fdafecbc842ed493b8b)
The package post-purchase-bundler was found to contain malicious code.
Source: ossf-package-analysis (6ee91ffff812d05531df7ad59d39eb10a0db8bf0ed97263701d772f4a5429e60)
The OpenSSF Package Analysis project identified 'post-purchase-bundler' @ 99.9.25 (npm) as malicious.
It is considered malicious because:
- The package communicates with a domain associated with malicious activity.
- Database specific
{ "malicious-packages-origins": [ { "source": "ossf-package-analysis", "versions": [ "99.9.9" ], "import_time": "2026-05-10T10:34:44.116201041Z", "modified_time": "2026-05-10T10:00:29Z", "sha256": "e9f3292f2f19840d6a3685add8754353fcf47bd9240b53ab5552b6a716254e7a" }, { "source": "ossf-package-analysis", "versions": [ "99.9.25" ], "import_time": "2026-05-10T12:50:36.06548091Z", "modified_time": "2026-05-10T12:46:14Z", "sha256": "6ee91ffff812d05531df7ad59d39eb10a0db8bf0ed97263701d772f4a5429e60" }, { "source": "amazon-inspector", "versions": [ "99.9.9", "99.9.25" ], "import_time": "2026-05-12T07:28:49.308581483Z", "modified_time": "2026-05-12T06:53:21Z", "sha256": "3a33aa69ef958573a786f3db208d8ee335829e14009d1fdafecbc842ed493b8b" } ] }- References
-
- Credits
-
-
- Amazon Inspector - FINDER
-
- OpenSSF: Package Analysis - FINDER
-
Affected packages
npm / post-purchase-bundler
Package
- Name
- post-purchase-bundler
- View open source insights on deps.dev
- Purl
- pkg:npm/post-purchase-bundler