MAL-2026-7405

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/roblox-lua-promise/MAL-2026-7405.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-7405
Published
2026-07-07T13:09:08Z
Modified
2026-07-09T09:33:09.355070195Z
Summary
Malicious code in roblox-lua-promise (npm)
Details

-= Per source details. Do not edit below this line.=-

Database specific
{
    "malicious-packages-origins": [
        {
            "sha256": "d74b889ee70b8d61e5d7d440b315329602e9ca99422f93f0f9c8a8864d4f7b15",
            "id": "RLMA-2026-05298",
            "import_time": "2026-07-09T09:16:50.979678089Z",
            "modified_time": "2026-07-07T13:09:08Z",
            "versions": [
                "99.9.0"
            ],
            "source": "reversing-labs"
        }
    ]
}
References
Credits

Affected packages

npm / roblox-lua-promise

Package

Affected ranges

Affected versions

99.*
99.9.0

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/roblox-lua-promise/MAL-2026-7405.json"