{"id":"MAL-2023-5","summary":"Malicious code in eslint-plugin-indeed (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (cd3cf0dfdda3ea0bf705d385efb05c56b971a408c4a0dceef3771d2e474a33e0)\nThe OpenSSF Package Analysis project identified 'eslint-plugin-indeed' @ 99.99.9 (npm) as malicious.\n\nIt is considered malicious because:\n- The package communicates with a domain associated with malicious activity.\n","aliases":["SNYK-JS-ESLINTPLUGININDEED-3336031"],"modified":"2024-06-28T03:14:35.216637Z","published":"2023-05-01T02:25:46Z","database_specific":{"malicious-packages-origins":[{"import_time":"2023-06-30T03:53:17.18663345Z","versions":["99.99.9"],"sha256":"cd3cf0dfdda3ea0bf705d385efb05c56b971a408c4a0dceef3771d2e474a33e0","source":"ossf-package-analysis","modified_time":"0001-01-01T00:00:00Z"},{"import_time":"2024-06-28T02:43:09.861040276Z","id":"RLMA-2024-00971","versions":["99.99.9","10.9.9"],"sha256":"d836eb785f6571a7933d4c3ed35935b12f02e875128be566c98c2ff695bdc464","source":"reversing-labs","modified_time":"2024-06-25T12:41:53Z"}]},"references":[{"type":"ADVISORY","url":"https://security.snyk.io/vuln/SNYK-JS-ESLINTPLUGININDEED-3336031"}],"affected":[{"package":{"name":"eslint-plugin-indeed","ecosystem":"npm","purl":"pkg:npm/eslint-plugin-indeed"},"versions":["99.99.9","10.9.9"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/eslint-plugin-indeed/MAL-2023-5.json"}}],"schema_version":"1.7.3","credits":[{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}