{"id":"MAL-2024-7418","summary":"Malicious code in react-devtools-fusebox (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (023ce7599294ef47cf0b24d7424bada9cfa75c0c3ac1f94d0a2a23e0e4f55d6b)\nThe OpenSSF Package Analysis project identified 'react-devtools-fusebox' @ 2.1.1 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n","modified":"2024-07-06T17:34:13Z","published":"2024-07-06T08:55:40Z","database_specific":{"malicious-packages-origins":[{"import_time":"2024-07-06T09:05:03.197232637Z","source":"ossf-package-analysis","modified_time":"2024-07-06T08:55:40Z","versions":["2.1.1"],"sha256":"023ce7599294ef47cf0b24d7424bada9cfa75c0c3ac1f94d0a2a23e0e4f55d6b"},{"import_time":"2024-07-06T17:33:49.694512232Z","source":"ossf-package-analysis","modified_time":"2024-07-06T17:10:15Z","versions":["2.2.1"],"sha256":"5024219b78101b2efc08f008c3474897b7a01aad46d4800b2aa07f1abc16a970"}]},"affected":[{"package":{"name":"react-devtools-fusebox","ecosystem":"npm","purl":"pkg:npm/react-devtools-fusebox"},"versions":["2.1.1","2.2.1"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/react-devtools-fusebox/MAL-2024-7418.json"}}],"schema_version":"1.7.3","credits":[{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}