MAL-2026-6314
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@zynkit/probe/MAL-2026-6314.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2026-6314
- Published
- 2026-06-23T16:22:48Z
- Modified
- 2026-06-23T17:01:26.204462206Z
- Summary
- Malicious code in @zynkit/probe (npm)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: amazon-inspector (5f7da2d08466718d66bb9a80478987eab5041e19ee53f80d6968e6dc3069edf2)
No concrete indicators of installer-side harm were observed in this package version. No lifecycle scripts performing remote fetch-and-execute, no credential or environment scraping, no hardcoded attacker network destinations, and no silent-relay patterns are present.
- Database specific
{ "malicious-packages-origins": [ { "sha256": "5f7da2d08466718d66bb9a80478987eab5041e19ee53f80d6968e6dc3069edf2", "id": "IN-MAL-2026-007304", "source": "amazon-inspector", "modified_time": "2026-06-23T16:22:48Z", "versions": [ "0.0.1" ], "import_time": "2026-06-23T16:54:16.413835245Z" } ] }- References
- Credits
-
-
- Amazon Inspector - FINDER
-
Affected packages
npm / @zynkit/probe
Package
- Name
- @zynkit/probe
- View open source insights on deps.dev
- Purl
- pkg:npm/%40zynkit%2Fprobe
Database specific
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@zynkit/probe/MAL-2026-6314.json"
cwes
[
{
"name": "Embedded Malicious Code",
"description": "The product contains code that appears to be malicious in nature.",
"cweId": "CWE-506"
}
]
indicators
{
"package_integrity": [
{
"filename": "probe-0.0.1.tgz",
"hashes": {
"sha1": "bb32e60d3c4ace35e62a148c2448a07efa79b929",
"sha512_sri": "sha512-Vo+ut3D4nFENTmu1kQNEiZ0DGfocGJwzsWRmoONc3qPPuPwrkVzOvT2hsUqfKpMKV4CEv+4TfW0bmadil1Y1kQ=="
}
}
]
}