-= Per source details. Do not edit below this line.=-
The package @qualys/react-web was found to contain malicious code.
The OpenSSF Package Analysis project identified '@qualys/react-web' @ 5.4.3-2 (npm) as malicious.
It is considered malicious because:
The package communicates with a domain associated with malicious activity.
The package executes one or more commands associated with malicious behavior.
{
"malicious-packages-origins": [
{
"versions": [
"5.4.3-2"
],
"sha256": "c34121468e92fda61a11befd4ca6253a635ae9470b89c6ccf4e155c32e9ebc1b",
"modified_time": "2026-02-16T08:50:48Z",
"source": "ossf-package-analysis",
"import_time": "2026-02-16T09:23:48.846675496Z"
},
{
"versions": [
"5.4.3-2"
],
"sha256": "5c63e27e2c86203c152f6f7bfc30136a44d93bfbc84522fcf86ca97976511a59",
"modified_time": "2026-02-23T03:51:30Z",
"source": "amazon-inspector",
"import_time": "2026-02-23T04:19:44.604797587Z"
}
]
}