MAL-2026-448

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/rank253222/MAL-2026-448.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-448
Published
2026-01-22T07:50:51Z
Modified
2026-01-23T01:52:45.675621Z
Summary
Malicious code in rank253222 (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (b5018dad195b0f107123f1ab9240ebe4944cd08688982be0c2e9c6203ba9cff1)

The package rank253222 was found to contain malicious code.

Source: ossf-package-analysis (1144fbc4237182c8daebd781f34df7ec24e61f4c826e481dbfa9d7b0bffaeabe)

The OpenSSF Package Analysis project identified 'rank253222' @ 1.0.1 (npm) as malicious.

It is considered malicious because:

  • The package communicates with a domain associated with malicious activity.

  • The package executes one or more commands associated with malicious behavior.

Database specific
{
    "malicious-packages-origins": [
        {
            "versions": [
                "1.0.1"
            ],
            "sha256": "1144fbc4237182c8daebd781f34df7ec24e61f4c826e481dbfa9d7b0bffaeabe",
            "modified_time": "2026-01-22T08:00:49Z",
            "source": "ossf-package-analysis",
            "import_time": "2026-01-22T08:09:37.837324886Z"
        },
        {
            "versions": [
                "1.0.0"
            ],
            "sha256": "d14b07e8aa625cbb0133786a7ecd3fc6557ef16fb1a60d95122597ad48bb1bbf",
            "modified_time": "2026-01-22T07:50:51Z",
            "source": "ossf-package-analysis",
            "import_time": "2026-01-22T08:09:37.742698968Z"
        },
        {
            "versions": [
                "1.0.6"
            ],
            "sha256": "600ee373e6755a5883fe737f3cab5f059ed62afb0eece28a10da54986ceebf29",
            "modified_time": "2026-01-22T08:30:45Z",
            "source": "ossf-package-analysis",
            "import_time": "2026-01-22T08:46:48.757566311Z"
        },
        {
            "versions": [
                "1.0.8"
            ],
            "sha256": "72ac3aea2ea8c56c4c573f747f6d1105a22a3f4165bf43cc02f445fba86b9401",
            "modified_time": "2026-01-22T08:35:50Z",
            "source": "ossf-package-analysis",
            "import_time": "2026-01-22T08:46:48.884168886Z"
        },
        {
            "versions": [
                "1.0.1",
                "1.0.0",
                "1.0.6",
                "1.0.8"
            ],
            "sha256": "b5018dad195b0f107123f1ab9240ebe4944cd08688982be0c2e9c6203ba9cff1",
            "modified_time": "2026-01-23T01:13:12Z",
            "source": "amazon-inspector",
            "import_time": "2026-01-23T01:36:51.370490526Z"
        }
    ]
}
References
Credits

Affected packages

npm / rank253222

Package

Affected ranges

Affected versions

1.*
1.0.0
1.0.1
1.0.6
1.0.8

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/rank253222/MAL-2026-448.json"