MAL-2026-6306
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@gleamkit/probe/MAL-2026-6306.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2026-6306
- Published
- 2026-06-23T16:22:20Z
- Modified
- 2026-06-23T17:01:28.330819725Z
- Summary
- Malicious code in @gleamkit/probe (npm)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: amazon-inspector (aaef237007e5d89031d334bf56a29892c7d6103aba9563b040556eea20ef2cfa)
No suspicious behaviors were detected in this package. There are no lifecycle scripts performing remote fetches, no credential or environment scraping, no hardcoded exfiltration endpoints, and no obfuscated payloads. The package contents do not exhibit any of the known supply-chain attack fingerprints.
- Database specific
{ "malicious-packages-origins": [ { "sha256": "aaef237007e5d89031d334bf56a29892c7d6103aba9563b040556eea20ef2cfa", "import_time": "2026-06-23T16:54:13.771559474Z", "source": "amazon-inspector", "modified_time": "2026-06-23T16:22:20Z", "versions": [ "0.0.1" ], "id": "IN-MAL-2026-007274" } ] }- References
- Credits
-
-
- Amazon Inspector - FINDER
-
Affected packages
npm / @gleamkit/probe
Package
- Name
- @gleamkit/probe
- View open source insights on deps.dev
- Purl
- pkg:npm/%40gleamkit%2Fprobe
Database specific
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@gleamkit/probe/MAL-2026-6306.json"
cwes
[
{
"name": "Embedded Malicious Code",
"description": "The product contains code that appears to be malicious in nature.",
"cweId": "CWE-506"
}
]
indicators
{
"package_integrity": [
{
"filename": "probe-0.0.1.tgz",
"hashes": {
"sha1": "d18608ac5b818dd7b0ae93f99957f1bffa70860e",
"sha512_sri": "sha512-BB9p9Ej8/b1kA7662dAB9iyY0UXdXaJ4xh2ejK7fehstY5rBUDO4GTg8H1T8Th7ejA0i9pmLvtzohPtj27KsNQ=="
}
}
]
}