{"id":"MAL-2024-11240","summary":"Malicious code in @chia-networrk/api (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (e57e8b48f0fae6b5e322af51e72243fe9f9dd6b716bff260220806de46ae467f)\nThe OpenSSF Package Analysis project identified '@chia-networrk/api' @ 1.0.7 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2024-12-10T09:36:44Z","published":"2024-12-08T10:15:35Z","database_specific":{"malicious-packages-origins":[{"source":"ossf-package-analysis","sha256":"1de3560ba1a73cb1c0dbdcda3a2077a5f516052e84208c0248779bd5bd682f1b","versions":["1.0.14"],"modified_time":"2024-12-08T10:32:15Z","import_time":"2024-12-08T10:37:14.545448769Z"},{"source":"ossf-package-analysis","sha256":"9483ee52d6e90d7dcd8737060c8a7f554c0e6ba5bf95454442e699730dfdcc76","versions":["1.0.15"],"modified_time":"2024-12-08T10:36:45Z","import_time":"2024-12-08T10:37:14.623766608Z"},{"source":"ossf-package-analysis","sha256":"d124eecf908c2e275201c0e3cce0f31506bd618d9eae4818ae37a0f36b3e57c8","versions":["1.0.10"],"modified_time":"2024-12-08T10:21:06Z","import_time":"2024-12-08T10:37:14.472975274Z"},{"source":"ossf-package-analysis","sha256":"f6fcc8c0fa2dae895cd3f3043806bce1866ce3c21f3678a87946307f5ca96a6f","versions":["1.0.16"],"modified_time":"2024-12-08T10:57:31Z","import_time":"2024-12-08T11:04:58.956404944Z"},{"source":"ossf-package-analysis","sha256":"e57e8b48f0fae6b5e322af51e72243fe9f9dd6b716bff260220806de46ae467f","versions":["1.0.7"],"modified_time":"2024-12-08T10:15:35Z","import_time":"2024-12-09T02:33:36.767941827Z"},{"source":"ossf-package-analysis","sha256":"151d5afd1b4f5b146548f9f124b37408a7b75022f44535816f4f5d4539ac82ef","versions":["1.0.21"],"modified_time":"2024-12-10T09:21:20Z","import_time":"2024-12-10T09:36:20.849645286Z"}]},"affected":[{"package":{"name":"@chia-networrk/api","ecosystem":"npm","purl":"pkg:npm/%40chia-networrk/api"},"versions":["1.0.14","1.0.15","1.0.10","1.0.16","1.0.7","1.0.21"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@chia-networrk/api/MAL-2024-11240.json"}}],"schema_version":"1.7.3","credits":[{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}