{"id":"MAL-2023-7979","summary":"Malicious code in visual_components (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (7289e2b3846c5d4eacbe709a4bd08a2e48688e587b810b9535c2275275dd2497)\nThe OpenSSF Package Analysis project identified 'visual_components' @ 1.0.13 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2023-09-01T21:05:24Z","published":"2023-09-01T19:41:34Z","database_specific":{"malicious-packages-origins":[{"modified_time":"2023-09-01T19:49:01Z","import_time":"2023-09-01T20:05:10.62438396Z","sha256":"7289e2b3846c5d4eacbe709a4bd08a2e48688e587b810b9535c2275275dd2497","source":"ossf-package-analysis","versions":["1.0.13"]},{"modified_time":"2023-09-01T19:41:34Z","import_time":"2023-09-01T20:05:10.560034907Z","sha256":"f4272d41d8dae8a6b53a5fe78c6e2b10ce6cd06fc7dfe6b61b5f87b38d75b02d","source":"ossf-package-analysis","versions":["1.0.14"]},{"modified_time":"2023-09-01T20:09:16Z","import_time":"2023-09-01T20:34:21.606321642Z","sha256":"2c4bd483ceceb49450acb2fc3acfdfc3113465f504d94e5ed9b67cf927ff137b","source":"ossf-package-analysis","versions":["1.0.19"]},{"modified_time":"2023-09-01T20:05:42Z","import_time":"2023-09-01T20:34:21.544549639Z","sha256":"42773c6cd142c8f14d32d547e2256baa1af72cc779c779aa444f1ff34a06bedc","source":"ossf-package-analysis","versions":["1.0.18"]},{"modified_time":"2023-09-01T20:14:02Z","import_time":"2023-09-01T20:34:21.663493374Z","sha256":"bdc09bd10630e4c0daeee02b33b29302c1b07876c4897f3a001cba1171470354","source":"ossf-package-analysis","versions":["1.0.20"]},{"modified_time":"2023-09-01T20:35:55Z","import_time":"2023-09-01T21:05:04.750602244Z","sha256":"86d946141cb31c177ff6e48b9f158c23844f57cb90cd819759d752a26b8e5bd4","source":"ossf-package-analysis","versions":["1.0.21"]}]},"affected":[{"package":{"name":"visual_components","ecosystem":"npm","purl":"pkg:npm/visual_components"},"versions":["1.0.13","1.0.14","1.0.19","1.0.18","1.0.20","1.0.21"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/visual_components/MAL-2023-7979.json"}}],"schema_version":"1.7.3","credits":[{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}