-= Per source details. Do not edit below this line.=-
The package was found to contain malicious code or consuming dependency that contains malicious code
{
"malicious-packages-origins": [
{
"versions": [
"2.1.6"
],
"id": "RLMA-2026-05145",
"import_time": "2026-07-09T09:16:37.47455641Z",
"sha256": "389e75ed90c0c82ffc717d29b97dd7b368dc458cdfa0005440be404baef1c971",
"modified_time": "2026-07-07T12:57:52Z",
"source": "reversing-labs"
},
{
"sha256": "259fc8b205e41dea32af006c7eaa325f0d1cca2421c668b778b8d2559d8ec900",
"id": "IN-MAL-2026-009409",
"import_time": "2026-07-09T22:02:28.375640612Z",
"modified_time": "2026-07-09T21:51:42Z",
"versions": [
"2.1.6"
],
"source": "amazon-inspector"
}
]
}{
"package_integrity": [
{
"filename": "logfuse-2.1.6.tgz",
"hashes": {
"sha512_sri": "sha512-E1wgtNiNzkM4RuXbanyYHeqj5wRt+ucOvh04rfFXg/OzEfnSuE1XSQAU/sac5I/bdvzfcuRgESQmDlZCScZ4aA==",
"sha1": "21a87867a46990d32eaa4ac3e15da5ef03a843f7"
}
}
]
}
[
{
"cweId": "CWE-506",
"name": "Embedded Malicious Code",
"description": "The product contains code that appears to be malicious in nature."
}
]
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/logfuse/MAL-2026-7314.json"