{"id":"MAL-2023-1565","summary":"Malicious code in hardhat-contract (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (3593917b9125465c1d3c5d6b38c62a9819d7590aea1522bdcf400ffef560a9b7)\nThe OpenSSF Package Analysis project identified 'hardhat-contract' @ 15.0.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2023-08-24T10:35:05Z","published":"2023-08-24T10:00:45Z","database_specific":{"malicious-packages-origins":[{"modified_time":"2023-08-24T10:00:45Z","import_time":"2023-08-24T10:05:24.242878875Z","versions":["15.0.0"],"source":"ossf-package-analysis","sha256":"3593917b9125465c1d3c5d6b38c62a9819d7590aea1522bdcf400ffef560a9b7"},{"modified_time":"2023-08-24T10:15:49Z","import_time":"2023-08-24T10:34:19.640351775Z","versions":["15.0.1"],"source":"ossf-package-analysis","sha256":"ab64264f4e530c925505d7dba4f92e27a41ec0c61af73b7cbc25a457086a64e6"}]},"affected":[{"package":{"name":"hardhat-contract","ecosystem":"npm","purl":"pkg:npm/hardhat-contract"},"versions":["15.0.0","15.0.1"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/hardhat-contract/MAL-2023-1565.json"}}],"schema_version":"1.7.3","credits":[{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}