MAL-2026-5297

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/consumerweb-authflow/MAL-2026-5297.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-5297
Published
2026-06-07T16:59:25Z
Modified
2026-06-07T18:46:26.680168189Z
Summary
Malicious code in consumerweb-authflow (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (0a4795bc3b2c513417e92b1547d165f9b6cbb750f437b5bf3ac87e63832087ca)

The OpenSSF Package Analysis project identified 'consumerweb-authflow' @ 4.1.1 (npm) as malicious.

It is considered malicious because:

  • The package communicates with a domain associated with malicious activity.
Database specific 
{
    "malicious-packages-origins": [
        {
            "import_time": "2026-06-07T17:33:24.34930144Z",
            "versions": [
                "4.1.1"
            ],
            "sha256": "0a4795bc3b2c513417e92b1547d165f9b6cbb750f437b5bf3ac87e63832087ca",
            "source": "ossf-package-analysis",
            "modified_time": "2026-06-07T16:59:25Z"
        },
        {
            "modified_time": "2026-06-07T17:35:34Z",
            "versions": [
                "4.1.3"
            ],
            "sha256": "6046f90089681a0351528c2aec67d71ba49df4e2fb98bc7ce59206d3a9e02de1",
            "source": "ossf-package-analysis",
            "import_time": "2026-06-07T18:33:01.400688057Z"
        }
    ]
}
References
Credits

Affected packages

npm / consumerweb-authflow

Package

Name
consumerweb-authflow
View open source insights on deps.dev
Purl
pkg:npm/consumerweb-authflow

Affected ranges

Affected versions

4.*
4.1.1
4.1.3

Database specific

source 
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/consumerweb-authflow/MAL-2026-5297.json"