{"id":"MAL-2024-2347","summary":"Malicious code in example-arc-server (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (313fe2f7f49471a9351eff38bafe5bf3968444661867230198924b55a3e94909)\nThe OpenSSF Package Analysis project identified 'example-arc-server' @ 100.0.2 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2025-06-18T15:07:35Z","published":"2024-06-25T12:42:18Z","database_specific":{"malicious-packages-origins":[{"versions":["5.999.1","7.999.1"],"id":"RLMA-2024-00989","modified_time":"2024-06-25T12:42:18Z","source":"reversing-labs","import_time":"2024-06-28T02:43:11.902300199Z","sha256":"9c835c3d05361d34bd73f966ae500705c1facb6ce535cc4b3c5f6ded438f0569"},{"id":"RLUA-2024-06539","modified_time":"2024-10-16T12:51:37Z","source":"reversing-labs","import_time":"2024-10-24T00:57:49.011323978Z","sha256":"fdc5365b39fcaf6c4fdec586e022476d49ed7b98996087be691f89cfdb0cd92a"},{"versions":["100.0.2"],"modified_time":"2025-05-18T22:20:44Z","source":"ossf-package-analysis","import_time":"2025-05-19T00:26:17.996512179Z","sha256":"313fe2f7f49471a9351eff38bafe5bf3968444661867230198924b55a3e94909"},{"versions":["100.0.1"],"modified_time":"2025-05-18T21:50:38Z","source":"ossf-package-analysis","import_time":"2025-05-19T00:26:17.539394821Z","sha256":"571a34d015e17c9d9d390c20a5fe6a9dd90c17ebec759c8803c3b5c013f3d8f7"},{"versions":["100.0.2","100.0.1"],"id":"RLUA-2025-03190","modified_time":"2025-06-18T10:27:59Z","source":"reversing-labs","import_time":"2025-06-18T15:06:47.918709537Z","sha256":"af06300338cffa2d0f868d549d015abf4b87ba6235600c61c7364d08ea6e87af"}]},"affected":[{"package":{"name":"example-arc-server","ecosystem":"npm","purl":"pkg:npm/example-arc-server"},"versions":["5.999.1","7.999.1","100.0.2","100.0.1"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/example-arc-server/MAL-2024-2347.json"}}],"schema_version":"1.7.3","credits":[{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}