MAL-2026-6512
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/react-context-form-tdsss/MAL-2026-6512.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2026-6512
- Published
- 2026-06-26T05:44:13Z
- Modified
- 2026-06-26T08:01:24.918832720Z
- Summary
- Malicious code in react-context-form-tdsss (npm)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: amazon-inspector (7a53e75a65681ee9ea818634ddee1ed52c6c8398dbd68e2b6abca255b24aaf37)
react-context-form-tdsss@9.0.0 is a dependency-confusion payload. package.json declares scripts.preinstall="node index.js", and index.js issues an HTTPS GET to a hardcoded interactsh/OAST subdomain (d8v0o1a9io6mjndcpbgghpfmkcgcm6dno.oast.online/npm-installed) on install. This beacon discloses the installer's public IP and confirms code execution on the installer's host to the operator of the OAST listener. The package.json description self-identifies as a dependency-confusion PoC and declares a self-dependency, the shape used to squat an internal/private package name on the public registry so that resolution in a victim environment pulls and executes this code. Installing this package causes outbound network beaconing on the installer's machine without consent.
Source: ossf-package-analysis (93a527c5b8a2dec60d70994e1423e4138bdc1a6218cf11ff7528919767b3dea3)
The OpenSSF Package Analysis project identified 'react-context-form-tdsss' @ 9.0.0 (npm) as malicious.
It is considered malicious because:
- The package communicates with a domain associated with malicious activity.
- Database specific
{ "malicious-packages-origins": [ { "versions": [ "9.0.0" ], "modified_time": "2026-06-26T05:44:13Z", "sha256": "7a53e75a65681ee9ea818634ddee1ed52c6c8398dbd68e2b6abca255b24aaf37", "id": "IN-MAL-2026-007596", "source": "amazon-inspector", "import_time": "2026-06-26T06:28:52.922629038Z" }, { "versions": [ "9.0.0" ], "modified_time": "2026-06-26T07:51:51Z", "sha256": "93a527c5b8a2dec60d70994e1423e4138bdc1a6218cf11ff7528919767b3dea3", "source": "ossf-package-analysis", "import_time": "2026-06-26T07:52:01.307662647Z" } ] }- References
- Credits
-
-
- Amazon Inspector - FINDER
-
- OpenSSF: Package Analysis - FINDER
-
Affected packages
npm / react-context-form-tdsss
Package
- Name
- react-context-form-tdsss
- View open source insights on deps.dev
- Purl
- pkg:npm/react-context-form-tdsss
Database specific
cwes
[
{
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code"
}
]
indicators
{
"package_integrity": [
{
"filename": "react-context-form-tdsss-9.0.0.tgz",
"hashes": {
"sha512_sri": "sha512-zE51emM9hmo+0cdMh1n7JEBBfHuPZe3JBhFZiSPR8x/uKLjpF5Rogzql5k3KD5qmFF0DxtMX/nvLt6oQ2U2XvQ==",
"sha1": "9b4a14cefe511f40556e34191545ce4aa8d31096"
}
}
],
"evidence_files": [
{
"path": "index.js",
"tlsh": "7dd02be600fa0120187092c54501ae5e755bc4302e49b5f29a08026186817f886ea5c5",
"sha256": "314b544d422705c6162049715a5d12edf0928a1ce7b1e811715aa64167eeff76"
},
{
"path": "package.json",
"tlsh": "84d05e20cc14d9b329e619f2447941066ba9ed2a900a9cdd55c2800c8adcdea4aae749",
"sha256": "8639e0e83cada84a6c57aa3add7fbf60597493536944ad02bfd1cd6e9e3bd193"
}
]
}
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/react-context-form-tdsss/MAL-2026-6512.json"