MAL-2026-3668

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/0xegg2024/MAL-2026-3668.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-3668
Published
2026-05-12T07:44:37Z
Modified
2026-05-13T20:23:26.910493Z
Summary
Malicious code in 0xegg2024 (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (86f32380998652e4d6d7b70da165cff6d669a4c6a6d9297da2a137071abf6317)

Tea.yaml token farming campaign

Database specific 
{
    "malicious-packages-origins": [
        {
            "id": "IN-MAL-2026-002467",
            "import_time": "2026-05-13T20:10:57.207180749Z",
            "sha256": "86f32380998652e4d6d7b70da165cff6d669a4c6a6d9297da2a137071abf6317",
            "source": "amazon-inspector",
            "modified_time": "2026-05-12T19:03:07Z",
            "versions": [
                "1.0.2"
            ]
        }
    ]
}
References
Credits

Affected packages

npm / 0xegg2024

Package

Name
0xegg2024
View open source insights on deps.dev
Purl
pkg:npm/0xegg2024

Affected ranges

Affected versions

1.*
1.0.2

Database specific

cwes 
[
    {
        "description": "The product contains code that appears to be malicious in nature.",
        "name": "Embedded Malicious Code",
        "cweId": "CWE-506"
    }
]
indicators 
{
    "evidence_files": [
        {
            "path": "package.json",
            "sha256": "ea7ae391b71c5a14f1f1a12f6a094c82a593fad25c8eb69b266225fa460d2aeb",
            "tlsh": "47115591ce28d9130bc528e09d781245a2351c6b8d38fc1c33a3936e8f5c5af18f8a7e"
        }
    ],
    "package_integrity": [
        {
            "filename": "0xegg2024-1.0.2.tgz",
            "hashes": {
                "sha512_sri": "sha512-3U5Pk9nCLajGoW9FLn/FccCX+T7dSiiyUGu+ADsB9Htk2+JdDJjbfd5wg/hs/uDtcVHJEXKbA4boCV8E0pRb3w==",
                "sha1": "0345856b85d14c56fe86c4c097719051f83c4962"
            }
        }
    ]
}
source 
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/0xegg2024/MAL-2026-3668.json"