MAL-2026-489
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/rank4222wun/MAL-2026-489.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2026-489
- Published
- 2026-01-23T08:25:42Z
- Modified
- 2026-01-24T09:18:02.815470Z
- Summary
- Malicious code in rank4222wun (npm)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: amazon-inspector (8943e200fcb8e9490a807104f88b84a3de7f0755cf78db6eabf1622e2116b7bb)
The package rank4222wun was found to contain malicious code.
Source: ossf-package-analysis (78ea0d6a42c918be35ffdfd313129dc3ce3cda9d75e81ba68a4d3ad7da7e9bba)
The OpenSSF Package Analysis project identified 'rank4222wun' @ 1.0.14 (npm) as malicious.
It is considered malicious because:
The package communicates with a domain associated with malicious activity.
The package executes one or more commands associated with malicious behavior.
- Database specific
{ "malicious-packages-origins": [ { "modified_time": "2026-01-23T08:25:42Z", "import_time": "2026-01-23T08:45:05.670964389Z", "versions": [ "1.0.6" ], "sha256": "94a7e37c2667f0ed5ceec4dec7b247bfe5d8f169e5aa07b74dda673b623ecc4e", "source": "ossf-package-analysis" }, { "modified_time": "2026-01-23T11:10:39Z", "import_time": "2026-01-23T11:38:08.224526971Z", "versions": [ "1.0.14" ], "sha256": "78ea0d6a42c918be35ffdfd313129dc3ce3cda9d75e81ba68a4d3ad7da7e9bba", "source": "ossf-package-analysis" }, { "modified_time": "2026-01-23T11:16:07Z", "import_time": "2026-01-23T11:38:08.303325197Z", "versions": [ "1.0.15" ], "sha256": "a14740c2dea9d350fd9b0a1e1a5e330f7caf39befbff7649a03e50621618b638", "source": "ossf-package-analysis" }, { "modified_time": "2026-01-23T12:10:45Z", "import_time": "2026-01-23T12:12:47.321376849Z", "versions": [ "1.0.18" ], "sha256": "fdea8a0efa35afa34bcd85cd36d5cc2adfd05d82c97367d96ac15e198818a03b", "source": "ossf-package-analysis" }, { "modified_time": "2026-01-23T12:26:11Z", "import_time": "2026-01-23T12:48:23.041237836Z", "versions": [ "1.0.19" ], "sha256": "e25478c583ec581b62964bfe5abb5c4f418b96962dc9e8fff41f8cd8de7066c3", "source": "ossf-package-analysis" }, { "modified_time": "2026-01-23T12:51:14Z", "import_time": "2026-01-23T13:20:33.956865348Z", "versions": [ "1.0.22" ], "sha256": "ca3c9dc6245fd46482782f77c954037a8734621eb12c371dac6312a9c0caa2e7", "source": "ossf-package-analysis" }, { "modified_time": "2026-01-23T15:01:25Z", "import_time": "2026-01-23T15:09:35.74946884Z", "versions": [ "1.0.31" ], "sha256": "98ed53dd0045b9b3e86c869c2cf15cc608d7645505f13fac0596a1d87a6f5a51", "source": "ossf-package-analysis" }, { "modified_time": "2026-01-23T14:55:46Z", "import_time": "2026-01-23T15:09:35.619870287Z", "versions": [ "1.0.28" ], "sha256": "a1a469d7bdbc5225e1dc4c6af83c408287e6de9c3bd7be96236934e3e1303d83", "source": "ossf-package-analysis" }, { "modified_time": "2026-01-23T15:08:11Z", "import_time": "2026-01-23T15:09:35.965789631Z", "versions": [ "1.0.32" ], "sha256": "da0706c3ffbc0d26440f71ef3466e41bb34f8e8f3f899ab04422743b4acd36af", "source": "ossf-package-analysis" }, { "modified_time": "2026-01-23T15:35:54Z", "import_time": "2026-01-23T15:41:30.142540807Z", "versions": [ "1.0.34" ], "sha256": "1d57fcde7bf1256f68df14c9c988b3cfda83cff6ba2c48fb8dcfc4169fb508e9", "source": "ossf-package-analysis" }, { "modified_time": "2026-01-23T16:35:35Z", "import_time": "2026-01-23T16:45:36.959824627Z", "versions": [ "1.0.39" ], "sha256": "acab63a5f246b16c02f63ae566621e3e8434976b2874b3757f25f87b5e992a4c", "source": "ossf-package-analysis" }, { "modified_time": "2026-01-23T17:21:09Z", "import_time": "2026-01-23T17:40:06.920163931Z", "versions": [ "1.0.44" ], "sha256": "1b1ca1e0c33a50f3bf0ca05ed5da8a941522e1673e17224d02001bd5cb42841b", "source": "ossf-package-analysis" }, { "modified_time": "2026-01-23T17:11:08Z", "import_time": "2026-01-23T17:40:06.863307778Z", "versions": [ "1.0.41" ], "sha256": "a43f7a7cf686d7a0a3e31457b2f73b8129397a572d33f5879fbbde70e12bcfc8", "source": "ossf-package-analysis" }, { "source": "amazon-inspector", "import_time": "2026-01-23T18:47:22.290897766Z", "ranges": [ { "events": [ { "introduced": "0" } ], "type": "SEMVER" } ], "sha256": "8943e200fcb8e9490a807104f88b84a3de7f0755cf78db6eabf1622e2116b7bb", "modified_time": "2026-01-23T18:12:42Z" }, { "modified_time": "2026-01-24T04:20:36Z", "import_time": "2026-01-24T04:44:23.656045573Z", "versions": [ "1.0.53" ], "sha256": "69ccac0f935bd51c398e4886ac3d97914a0329c9b6c3b041cc2268b388173e0b", "source": "ossf-package-analysis" }, { "modified_time": "2026-01-24T04:35:00Z", "import_time": "2026-01-24T04:44:23.828264438Z", "versions": [ "1.0.56" ], "sha256": "70e1435d56ff5ef7038c1f2880442e3ee1c977301f7a081d36e3f16af9d409e8", "source": "ossf-package-analysis" }, { "modified_time": "2026-01-24T04:25:36Z", "import_time": "2026-01-24T04:44:23.752295613Z", "versions": [ "1.0.54" ], "sha256": "c2861b9279e1f49b95bcf8f9369eada2a7a886510508022efc5f75abebdaafeb", "source": "ossf-package-analysis" }, { "modified_time": "2026-01-24T04:55:29Z", "import_time": "2026-01-24T05:08:12.862552323Z", "versions": [ "1.0.58" ], "sha256": "703aa79bd80a6d6e5d7ecdfd169df85b806235e8ff465143013c5bae9dade1fe", "source": "ossf-package-analysis" }, { "modified_time": "2026-01-24T05:20:27Z", "import_time": "2026-01-24T05:39:31.809910339Z", "versions": [ "1.0.60" ], "sha256": "4522be683084ef18f84c4073e56bff6bb4353aa3c33472e281b4069191ef9a05", "source": "ossf-package-analysis" }, { "modified_time": "2026-01-24T08:35:10Z", "import_time": "2026-01-24T08:41:52.326606581Z", "versions": [ "1.0.61" ], "sha256": "408cbe6c3521287ae3f9552a9ea8fd62592e13a2083a89bc824e22a612bac7eb", "source": "ossf-package-analysis" }, { "modified_time": "2026-01-24T08:37:26Z", "import_time": "2026-01-24T08:41:52.489484977Z", "versions": [ "1.0.62" ], "sha256": "943c743f8fc30f0c19edb5310b45a5f7ebcb809f65bad8311f47476aacd2c1b8", "source": "ossf-package-analysis" }, { "modified_time": "2026-01-24T09:03:32Z", "import_time": "2026-01-24T09:07:21.968488512Z", "versions": [ "1.0.64" ], "sha256": "c0d33ee051697027d98626e7d326c88e097f9aed751d609127811e2be82e7485", "source": "ossf-package-analysis" }, { "modified_time": "2026-01-24T08:42:58Z", "import_time": "2026-01-24T09:07:21.833101847Z", "versions": [ "1.0.63" ], "sha256": "fc2ae428a0b050512dca29bc8306a320b2bea0afaa2d1e8d2424afc9807ecb6d", "source": "ossf-package-analysis" } ] }- References
-
- Credits
-
-
- Amazon Inspector - FINDER
-
- OpenSSF: Package Analysis - FINDER
-
Affected packages
npm / rank4222wun
Package
- Name
- rank4222wun
- View open source insights on deps.dev
- Purl
- pkg:npm/rank4222wun
Affected ranges
- Type
- SEMVER
- Events
-
Introduced0Unknown introduced version / All previous versions are affected