{"id":"MAL-2023-8468","summary":"Malicious code in vanillajs-test (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (19dd1596da1181577937a6d843a7fe1b41a9bb73029d7ecbd4c33e406ad73062)\nThe OpenSSF Package Analysis project identified 'vanillajs-test' @ 1.0.2 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n","modified":"2023-11-07T07:05:02Z","published":"2023-11-07T06:45:49Z","database_specific":{"malicious-packages-origins":[{"sha256":"19dd1596da1181577937a6d843a7fe1b41a9bb73029d7ecbd4c33e406ad73062","modified_time":"2023-11-07T06:55:52Z","versions":["1.0.2"],"import_time":"2023-11-07T07:04:46.563007364Z","source":"ossf-package-analysis"},{"sha256":"8aa6d110d2fd5e36ba0db2f0c0fbad37c430b982321cd7a39c159c5d3bc7883f","modified_time":"2023-11-07T06:45:49Z","versions":["1.0.1"],"import_time":"2023-11-07T07:04:46.499310551Z","source":"ossf-package-analysis"}]},"affected":[{"package":{"name":"vanillajs-test","ecosystem":"npm","purl":"pkg:npm/vanillajs-test"},"versions":["1.0.2","1.0.1"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/vanillajs-test/MAL-2023-8468.json"}}],"schema_version":"1.7.3","credits":[{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}