MAL-2026-4646

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/withdrawn/npm/prisma-client-python/MAL-2026-4646.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-4646
Withdrawn
2026-05-26T19:57:08Z
Published
2026-05-22T16:50:36Z
Modified
2026-05-27T00:32:08.023319631Z
Summary
Malicious code in prisma-client-python (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (4ba0c0f6a1d1bdb5bffb45ca56fb99b8084fba921cc7689b6e8913c0436fe392)

The package's CLI flow (ppy generate) reads dist/index.enc, a 346 KB AES-encrypted blob, and decrypts it with crypto-js AES using a key taken from dist/key.enc (substring 754..799). It writes the plaintext to dist/index-run.js, executes that file with child_process.spawn(process.execPath, [tempFile, ...]), and deletes it in a finally block.

The encryption serves no functional purpose: code that must run on the user's machine could be shipped as plain JS. Its only effect is to hide executable bytes from reviewers and scanners. Decrypt-and-exec of an opaque payload is structurally the same as the eval(atob(blob)) dropper pattern: even if today's decrypted content is benign, the publisher can swap arbitrary code into a future version without any reviewable diff. The self-deleting temp file (fs.unlinkSync of dist/index-run.js) further hinders post-hoc forensic inspection. In addition, the package name resembles the well-known prisma-client-py Python ORM, which raises name-confusion concerns.

Database specific
{
    "malicious-packages-origins": [
        {
            "import_time": "2026-05-26T05:52:11.94547108Z",
            "source": "amazon-inspector",
            "modified_time": "2026-05-22T16:50:36Z",
            "id": "IN-MAL-2026-004230",
            "sha256": "4ba0c0f6a1d1bdb5bffb45ca56fb99b8084fba921cc7689b6e8913c0436fe392",
            "versions": [
                "0.3.8"
            ]
        }
    ]
}
References
Credits

Affected packages

npm / prisma-client-python

Package

Name
prisma-client-python
Purl
pkg:npm/prisma-client-python

Affected ranges

Affected versions

0.*
0.3.8

Database specific

indicators
{
    "package_integrity": [
        {
            "filename": "prisma-client-python-0.3.8.tgz",
            "hashes": {
                "sha512_sri": "sha512-yRTkI5H1WOkqeJEPTr+Hs78iNcixf5Zb0EXRfyGmv6GONg7o9NsCcWcd1uexQutPAGw7UpzizZKZOGqv6/8GYw==",
                "sha1": "18e2467f416164a672993a096f3edf767f2d36db"
            }
        }
    ],
    "evidence_files": [
        {
            "path": "dist/generate.js",
            "sha256": "561d553883ca2688b5bf40df5fc8ebe4053baa3157e25c05ccd025ff11fb1041",
            "tlsh": "1941c807d2ad337817e6d895e0986432d3b08ba1316454a4c47c0cab1f69884973b7bd"
        }
    ]
}
cwes
[
    {
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature.",
        "cweId": "CWE-506"
    }
]
source
"https://github.com/ossf/malicious-packages/blob/main/osv/withdrawn/npm/prisma-client-python/MAL-2026-4646.json"