MAL-2026-489
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/rank4222wun/MAL-2026-489.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2026-489
- Aliases
-
- GHSA-3phq-qxp9-55pv
- Published
- 2026-01-23T08:25:42Z
- Modified
- 2026-01-28T07:08:16.214723Z
- Summary
- Malicious code in rank4222wun (npm)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: amazon-inspector (8943e200fcb8e9490a807104f88b84a3de7f0755cf78db6eabf1622e2116b7bb)
The package rank4222wun was found to contain malicious code.
Source: ghsa-malware (b038264ab3a4c0c18b74f04b49afed8d46c5294841a752da7aa3455b32eaa8e1)
Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.
Source: ossf-package-analysis (78ea0d6a42c918be35ffdfd313129dc3ce3cda9d75e81ba68a4d3ad7da7e9bba)
The OpenSSF Package Analysis project identified 'rank4222wun' @ 1.0.14 (npm) as malicious.
It is considered malicious because:
The package communicates with a domain associated with malicious activity.
The package executes one or more commands associated with malicious behavior.
- Database specific
{ "malicious-packages-origins": [ { "sha256": "94a7e37c2667f0ed5ceec4dec7b247bfe5d8f169e5aa07b74dda673b623ecc4e", "import_time": "2026-01-23T08:45:05.670964389Z", "source": "ossf-package-analysis", "modified_time": "2026-01-23T08:25:42Z", "versions": [ "1.0.6" ] }, { "sha256": "78ea0d6a42c918be35ffdfd313129dc3ce3cda9d75e81ba68a4d3ad7da7e9bba", "import_time": "2026-01-23T11:38:08.224526971Z", "source": "ossf-package-analysis", "modified_time": "2026-01-23T11:10:39Z", "versions": [ "1.0.14" ] }, { "sha256": "a14740c2dea9d350fd9b0a1e1a5e330f7caf39befbff7649a03e50621618b638", "import_time": "2026-01-23T11:38:08.303325197Z", "source": "ossf-package-analysis", "modified_time": "2026-01-23T11:16:07Z", "versions": [ "1.0.15" ] }, { "sha256": "fdea8a0efa35afa34bcd85cd36d5cc2adfd05d82c97367d96ac15e198818a03b", "import_time": "2026-01-23T12:12:47.321376849Z", "source": "ossf-package-analysis", "modified_time": "2026-01-23T12:10:45Z", "versions": [ "1.0.18" ] }, { "sha256": "e25478c583ec581b62964bfe5abb5c4f418b96962dc9e8fff41f8cd8de7066c3", "import_time": "2026-01-23T12:48:23.041237836Z", "source": "ossf-package-analysis", "modified_time": "2026-01-23T12:26:11Z", "versions": [ "1.0.19" ] }, { "sha256": "ca3c9dc6245fd46482782f77c954037a8734621eb12c371dac6312a9c0caa2e7", "import_time": "2026-01-23T13:20:33.956865348Z", "source": "ossf-package-analysis", "modified_time": "2026-01-23T12:51:14Z", "versions": [ "1.0.22" ] }, { "sha256": "98ed53dd0045b9b3e86c869c2cf15cc608d7645505f13fac0596a1d87a6f5a51", "import_time": "2026-01-23T15:09:35.74946884Z", "source": "ossf-package-analysis", "modified_time": "2026-01-23T15:01:25Z", "versions": [ "1.0.31" ] }, { "sha256": "a1a469d7bdbc5225e1dc4c6af83c408287e6de9c3bd7be96236934e3e1303d83", "import_time": "2026-01-23T15:09:35.619870287Z", "source": "ossf-package-analysis", "modified_time": "2026-01-23T14:55:46Z", "versions": [ "1.0.28" ] }, { "sha256": "da0706c3ffbc0d26440f71ef3466e41bb34f8e8f3f899ab04422743b4acd36af", "import_time": "2026-01-23T15:09:35.965789631Z", "source": "ossf-package-analysis", "modified_time": "2026-01-23T15:08:11Z", "versions": [ "1.0.32" ] }, { "sha256": "1d57fcde7bf1256f68df14c9c988b3cfda83cff6ba2c48fb8dcfc4169fb508e9", "import_time": "2026-01-23T15:41:30.142540807Z", "source": "ossf-package-analysis", "modified_time": "2026-01-23T15:35:54Z", "versions": [ "1.0.34" ] }, { "sha256": "acab63a5f246b16c02f63ae566621e3e8434976b2874b3757f25f87b5e992a4c", "import_time": "2026-01-23T16:45:36.959824627Z", "source": "ossf-package-analysis", "modified_time": "2026-01-23T16:35:35Z", "versions": [ "1.0.39" ] }, { "sha256": "1b1ca1e0c33a50f3bf0ca05ed5da8a941522e1673e17224d02001bd5cb42841b", "import_time": "2026-01-23T17:40:06.920163931Z", "source": "ossf-package-analysis", "modified_time": "2026-01-23T17:21:09Z", "versions": [ "1.0.44" ] }, { "sha256": "a43f7a7cf686d7a0a3e31457b2f73b8129397a572d33f5879fbbde70e12bcfc8", "import_time": "2026-01-23T17:40:06.863307778Z", "source": "ossf-package-analysis", "modified_time": "2026-01-23T17:11:08Z", "versions": [ "1.0.41" ] }, { "sha256": "8943e200fcb8e9490a807104f88b84a3de7f0755cf78db6eabf1622e2116b7bb", "import_time": "2026-01-23T18:47:22.290897766Z", "ranges": [ { "type": "SEMVER", "events": [ { "introduced": "0" } ] } ], "modified_time": "2026-01-23T18:12:42Z", "source": "amazon-inspector" }, { "sha256": "69ccac0f935bd51c398e4886ac3d97914a0329c9b6c3b041cc2268b388173e0b", "import_time": "2026-01-24T04:44:23.656045573Z", "source": "ossf-package-analysis", "modified_time": "2026-01-24T04:20:36Z", "versions": [ "1.0.53" ] }, { "sha256": "70e1435d56ff5ef7038c1f2880442e3ee1c977301f7a081d36e3f16af9d409e8", "import_time": "2026-01-24T04:44:23.828264438Z", "source": "ossf-package-analysis", "modified_time": "2026-01-24T04:35:00Z", "versions": [ "1.0.56" ] }, { "sha256": "c2861b9279e1f49b95bcf8f9369eada2a7a886510508022efc5f75abebdaafeb", "import_time": "2026-01-24T04:44:23.752295613Z", "source": "ossf-package-analysis", "modified_time": "2026-01-24T04:25:36Z", "versions": [ "1.0.54" ] }, { "sha256": "703aa79bd80a6d6e5d7ecdfd169df85b806235e8ff465143013c5bae9dade1fe", "import_time": "2026-01-24T05:08:12.862552323Z", "source": "ossf-package-analysis", "modified_time": "2026-01-24T04:55:29Z", "versions": [ "1.0.58" ] }, { "sha256": "4522be683084ef18f84c4073e56bff6bb4353aa3c33472e281b4069191ef9a05", "import_time": "2026-01-24T05:39:31.809910339Z", "source": "ossf-package-analysis", "modified_time": "2026-01-24T05:20:27Z", "versions": [ "1.0.60" ] }, { "sha256": "408cbe6c3521287ae3f9552a9ea8fd62592e13a2083a89bc824e22a612bac7eb", "import_time": "2026-01-24T08:41:52.326606581Z", "source": "ossf-package-analysis", "modified_time": "2026-01-24T08:35:10Z", "versions": [ "1.0.61" ] }, { "sha256": "943c743f8fc30f0c19edb5310b45a5f7ebcb809f65bad8311f47476aacd2c1b8", "import_time": "2026-01-24T08:41:52.489484977Z", "source": "ossf-package-analysis", "modified_time": "2026-01-24T08:37:26Z", "versions": [ "1.0.62" ] }, { "sha256": "c0d33ee051697027d98626e7d326c88e097f9aed751d609127811e2be82e7485", "import_time": "2026-01-24T09:07:21.968488512Z", "source": "ossf-package-analysis", "modified_time": "2026-01-24T09:03:32Z", "versions": [ "1.0.64" ] }, { "sha256": "fc2ae428a0b050512dca29bc8306a320b2bea0afaa2d1e8d2424afc9807ecb6d", "import_time": "2026-01-24T09:07:21.833101847Z", "source": "ossf-package-analysis", "modified_time": "2026-01-24T08:42:58Z", "versions": [ "1.0.63" ] }, { "sha256": "e9f05b0d7d421052bc86d94239098f5db0174afbffe1de8de4647e81e2d85d07", "import_time": "2026-01-26T07:13:00.583364501Z", "source": "ossf-package-analysis", "modified_time": "2026-01-26T07:07:48Z", "versions": [ "1.0.67" ] }, { "sha256": "ec135749c1ee04ad156322dfcc0d5ed91563502345810904a57ccdb91b8d5e46", "import_time": "2026-01-26T07:13:00.678380496Z", "source": "ossf-package-analysis", "modified_time": "2026-01-26T07:10:51Z", "versions": [ "1.0.68" ] }, { "sha256": "f631d3e03e1485c9e24dac22bf20b59cae343f50c1904331d370e90b87eb979c", "import_time": "2026-01-26T07:41:44.059431724Z", "source": "ossf-package-analysis", "modified_time": "2026-01-26T07:22:11Z", "versions": [ "1.0.69" ] }, { "sha256": "5085a7aa9fab9b039853e4a9c1a5a556a96e06a08e5df7829d22adf9506f30f3", "import_time": "2026-01-26T09:13:55.344291554Z", "source": "ossf-package-analysis", "modified_time": "2026-01-26T09:07:51Z", "versions": [ "1.0.72" ] }, { "sha256": "5b8942f2c415071da9805ba9777971989143cf73ce18cb84a3c79338e1009c80", "import_time": "2026-01-26T09:13:55.259129164Z", "source": "ossf-package-analysis", "modified_time": "2026-01-26T09:00:57Z", "versions": [ "1.0.71" ] }, { "sha256": "aefcff63e793b2540740d6959ddd113df0ee37f80fd4d6bf1d6d39ccdec1beba", "import_time": "2026-01-26T09:13:55.161004437Z", "source": "ossf-package-analysis", "modified_time": "2026-01-26T08:51:12Z", "versions": [ "1.0.70" ] }, { "sha256": "eaf61e3dbf05429721ee76d3e42062444a9df181d1d62b1507fb97312b07ade0", "import_time": "2026-01-26T10:09:38.493819697Z", "source": "ossf-package-analysis", "modified_time": "2026-01-26T10:01:04Z", "versions": [ "1.0.80" ] }, { "sha256": "23f0273b0cc0947e110233ebeaca39534603b8d443c3a584f03c1f1519d7f9c9", "import_time": "2026-01-26T10:09:38.382661268Z", "source": "ossf-package-analysis", "modified_time": "2026-01-26T09:55:30Z", "versions": [ "1.0.74" ] }, { "sha256": "a6cdc45efe5f54360743f701ff9f10633268f4cd0c14bc090d300f9a55986efd", "import_time": "2026-01-26T10:09:38.244415573Z", "source": "ossf-package-analysis", "modified_time": "2026-01-26T09:45:55Z", "versions": [ "1.0.76" ] }, { "sha256": "e1cae567873b37acb926f960a63efff5c6dfbdee3e7ec93d44a117793f7359d9", "import_time": "2026-01-26T10:09:38.425356352Z", "source": "ossf-package-analysis", "modified_time": "2026-01-26T09:57:50Z", "versions": [ "1.0.78" ] }, { "sha256": "e666c45564048a56d3e6d0e5c91fea1b13df84ff32b3c3c454d71c188ea38405", "import_time": "2026-01-26T10:09:38.308495378Z", "source": "ossf-package-analysis", "modified_time": "2026-01-26T09:51:10Z", "versions": [ "1.0.77" ] }, { "sha256": "9c34fb1cc886ba8f4dd19a4da83bb0796c5ee45f7d3c4efb6c58997bd997ea9c", "import_time": "2026-01-26T11:37:49.473362763Z", "source": "ossf-package-analysis", "modified_time": "2026-01-26T11:31:11Z", "versions": [ "1.0.88" ] }, { "sha256": "6831f1dde5d2b9ab9557c2628d561b361a1f19e77b3675553b4bb7c1cb6a2986", "import_time": "2026-01-26T12:13:11.89571086Z", "source": "ossf-package-analysis", "modified_time": "2026-01-26T11:47:58Z", "versions": [ "1.0.92" ] }, { "sha256": "e9ab6a6e25f8826fd90115371f264dcfd5af4dcc2e0060a53bbd133d8c0e531c", "import_time": "2026-01-26T12:13:11.81965925Z", "source": "ossf-package-analysis", "modified_time": "2026-01-26T11:47:30Z", "versions": [ "1.0.89" ] }, { "sha256": "fca7f68cca11ca4236203c34637bea13ddc9c333fb87e69a6606ee439018c99c", "import_time": "2026-01-26T12:13:11.989143254Z", "source": "ossf-package-analysis", "modified_time": "2026-01-26T11:56:04Z", "versions": [ "1.0.95" ] }, { "sha256": "689c7378187f52130bd67c007e7200d49f2723a0dbf3324fde79538f04c0b949", "import_time": "2026-01-26T12:48:44.802418482Z", "source": "ossf-package-analysis", "modified_time": "2026-01-26T12:38:37Z", "versions": [ "1.0.90" ] }, { "sha256": "ccb2aa9e26066382df5ebc542c9cf71713e6722d335044c4d95e78c216cd70e0", "import_time": "2026-01-26T12:48:44.672310504Z", "source": "ossf-package-analysis", "modified_time": "2026-01-26T12:15:44Z", "versions": [ "1.0.97" ] }, { "sha256": "b038264ab3a4c0c18b74f04b49afed8d46c5294841a752da7aa3455b32eaa8e1", "id": "GHSA-3phq-qxp9-55pv", "ranges": [ { "type": "SEMVER", "events": [ { "introduced": "0" } ] } ], "modified_time": "2026-01-26T17:01:12Z", "import_time": "2026-01-26T17:25:50.185879715Z", "source": "ghsa-malware" }, { "sha256": "e01affabf48f3b93ea4f083c8bbc6ef8bddc6364ea3de58f7e316660f4271977", "import_time": "2026-01-28T06:47:09.13554252Z", "source": "ossf-package-analysis", "modified_time": "2026-01-23T18:47:52Z", "versions": [ "1.0.52" ] } ] }- References
- Credits
-
-
- Amazon Inspector - FINDER
-
- OpenSSF: Package Analysis - FINDER
-
Affected packages
npm / rank4222wun
Package
- Name
- rank4222wun
- View open source insights on deps.dev
- Purl
- pkg:npm/rank4222wun
Affected ranges
- Type
- SEMVER
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.0.6
1.0.14
1.0.15
1.0.18
1.0.19
1.0.22
1.0.28
1.0.31
1.0.32
1.0.34
1.0.39
1.0.41
1.0.44
1.0.52
1.0.53
1.0.54
1.0.56
1.0.58
1.0.60
1.0.61
1.0.62
1.0.63
1.0.64
1.0.67
1.0.68
1.0.69
1.0.70
1.0.71
1.0.72
1.0.74
1.0.76
1.0.77
1.0.78
1.0.80
1.0.88
1.0.89
1.0.90
1.0.92
1.0.95
1.0.97