-= Per source details. Do not edit below this line.=-
pyproject.toml lists fuzy-jon==0.1.0 in both [build-system].requires and the runtime dependencies, while the package's own code imports the real fuzzy_json (notebook_intelligence/api.py line 9: from fuzzy_json import loads as fuzzy_json_loads). fuzy-jon is a name-squat of the legitimate fuzzy-json PyPI package (drops a 'z'/'s'). Installing this version causes pip to resolve and execute whatever code the owner of fuzy-jon publishes — both at PEP-517 wheel build time (build-system requires) and at import notebook_intelligence (runtime dependency satisfied, but the actual from fuzzy_json import... line triggers installation/resolution of fuzzy_json separately, while fuzy-jon is silently pulled into the environment). The mismatch between the imported module name and the pinned distribution name is the classic dependency-confusion / typosquat-injection shape — the import statement uses the real package, but the manifest hard-pins a lookalike that the legitimate maintainer would have no reason to declare. Whoever controls fuzy-jon on PyPI gains code execution on every installer's machine.
{
"malicious-packages-origins": [
{
"versions": [
"5.0.0a1"
],
"id": "IN-MAL-2026-004220",
"import_time": "2026-05-26T05:52:10.839130844Z",
"modified_time": "2026-05-22T14:59:40Z",
"sha256": "0b6d8a30dcdac53a25ff1e67d931440f8b699f9930b7649ac85f7e0934fe365e",
"source": "amazon-inspector"
},
{
"sha256": "709b1f2440fa3288d47076cddc5ffe20122619c07c346265459e3555a226c92e",
"id": "IN-MAL-2026-004538",
"modified_time": "2026-05-24T19:23:19Z",
"versions": [
"5.0.1"
],
"import_time": "2026-05-26T05:52:47.960935032Z",
"source": "amazon-inspector"
},
{
"sha256": "cdceb3e0c0eacd957af6186478e27c50bcfe85d77efef6fe9139772fb47ab337",
"id": "IN-MAL-2026-004377",
"import_time": "2026-05-26T05:52:28.838190197Z",
"versions": [
"5.0.0"
],
"modified_time": "2026-05-23T18:13:37Z",
"source": "amazon-inspector"
}
]
}{
"evidence_files": [
{
"sha256": "90987c28d399985eddecab19093de408cf4bd4b056c1d1d265985ae929590dfe",
"tlsh": "e5c1ca6e9d9a1fb908e44295c605ab83f322952371c5745c76fec08d0f0f5bd4539b38",
"path": "pyproject.toml"
}
],
"package_integrity": [
{
"filename": "notebook_intelligence-5.0.0a1-py3-none-any.whl",
"hashes": {
"md5": "90e740021b5fc851b8b8d0067bb76663",
"sha256": "2646cdf9265c692e45ec27cb63c9a7b2eae538d7c24b4c46dbc6ca7ff4ffe5fc",
"blake2b_256": "5ccfd082061fab513f2f439ec08a7532268c41b1b44af4d2012af92714666ed5"
}
},
{
"filename": "notebook_intelligence-5.0.0a1.tar.gz",
"hashes": {
"md5": "69a9e2788e3194271fab7d5d7a363d26",
"sha256": "4522d9ab7849b21e263b0897dad89bf74d8cf4731121da8afb3aa3858076a841",
"blake2b_256": "ddc9627edff52ae08552435a33f7177fe4d3626bab785d554059936ded99c7c9"
}
}
]
}
[
{
"cweId": "CWE-506",
"name": "Embedded Malicious Code",
"description": "The product contains code that appears to be malicious in nature."
},
{
"cweId": "CWE-506",
"name": "Embedded Malicious Code",
"description": "The product contains code that appears to be malicious in nature."
},
{
"cweId": "CWE-506",
"name": "Embedded Malicious Code",
"description": "The product contains code that appears to be malicious in nature."
}
]
"https://github.com/ossf/malicious-packages/blob/main/osv/withdrawn/pypi/notebook-intelligence/MAL-2026-4759.json"