-= Per source details. Do not edit below this line.=-
The OpenSSF Package Analysis project identified '@adobesign/as-dev-tools' @ 99.9.10 (npm) as malicious.
It is considered malicious because:
The package communicates with a domain associated with malicious activity.
The package executes one or more commands associated with malicious behavior.
{
"malicious-packages-origins": [
{
"versions": [
"99.9.10"
],
"sha256": "89bc395364731dd31b151f421bf94decd4441180ae9fa8e16ae540015c3bdc51",
"modified_time": "2026-07-05T15:20:44Z",
"source": "ossf-package-analysis",
"import_time": "2026-07-05T15:30:02.125112709Z"
},
{
"versions": [
"99.9.9"
],
"sha256": "bc3c9c46e2d893c8ec87ae68a36569c3561b94fdc6ff9954a02d26bbed847ed6",
"modified_time": "2026-07-05T15:16:01Z",
"source": "ossf-package-analysis",
"import_time": "2026-07-05T15:30:02.041037716Z"
}
]
}