{"id":"MAL-2024-52","summary":"Malicious code in onetake (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (52bec93f09b5dc6085214609ef35d8aaf2346d6e50e6a12e5304e16aa3493ae2)\nThe OpenSSF Package Analysis project identified 'onetake' @ 1.1.30 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n","modified":"2024-01-10T00:24:49Z","published":"2024-01-09T11:22:30Z","database_specific":{"malicious-packages-origins":[{"import_time":"2024-01-09T12:06:41.121829153Z","source":"ossf-package-analysis","sha256":"52bec93f09b5dc6085214609ef35d8aaf2346d6e50e6a12e5304e16aa3493ae2","modified_time":"2024-01-09T11:57:00Z","versions":["1.1.30"]},{"import_time":"2024-01-09T11:33:53.67651696Z","source":"ossf-package-analysis","sha256":"56c844bfee2544308932335b41b5056ed192d0fbb274579eabf5fec96f5ea389","modified_time":"2024-01-09T11:22:30Z","versions":["1.0.20"]}]},"affected":[{"package":{"name":"onetake","ecosystem":"npm","purl":"pkg:npm/onetake"},"versions":["1.1.30","1.0.20"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/onetake/MAL-2024-52.json"}}],"schema_version":"1.7.3","credits":[{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}