MAL-2026-6304
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@frostnode/probe/MAL-2026-6304.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2026-6304
- Published
- 2026-06-23T16:22:36Z
- Modified
- 2026-06-23T17:01:28.188021188Z
- Summary
- Malicious code in @frostnode/probe (npm)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: amazon-inspector (7a143792d6fce9dfc36bbd2f99c44710055d4f0be6408ed046fb4ea4ea2e86f3)
No suspicious behaviors were observed in this package version. There are no install-time lifecycle hooks fetching or executing remote code, no credential or environment scraping, no hardcoded attacker-controlled endpoints, and no silent-relay patterns in the package's code paths.
- Database specific
{ "malicious-packages-origins": [ { "sha256": "7a143792d6fce9dfc36bbd2f99c44710055d4f0be6408ed046fb4ea4ea2e86f3", "id": "IN-MAL-2026-007292", "source": "amazon-inspector", "modified_time": "2026-06-23T16:22:36Z", "versions": [ "0.0.1" ], "import_time": "2026-06-23T16:54:15.335054073Z" } ] }- References
- Credits
-
-
- Amazon Inspector - FINDER
-
Affected packages
npm / @frostnode/probe
Package
- Name
- @frostnode/probe
- View open source insights on deps.dev
- Purl
- pkg:npm/%40frostnode%2Fprobe
Database specific
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@frostnode/probe/MAL-2026-6304.json"
cwes
[
{
"name": "Embedded Malicious Code",
"description": "The product contains code that appears to be malicious in nature.",
"cweId": "CWE-506"
}
]
indicators
{
"package_integrity": [
{
"filename": "probe-0.0.1.tgz",
"hashes": {
"sha1": "d200f4b9c9ac6a0b7bed51276986e3bbe7d9827b",
"sha512_sri": "sha512-swF/+sV8o4ABd7qzpBraxuZyFDdy0UinE+a4IwyG+qPs0fYSv17wAtUiDIJjZtId2n1sYBY+Ujqus/7YMd/xNA=="
}
}
]
}