{"id":"MAL-2024-8848","summary":"Malicious code in balvant-chavda (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (2a4352948540614eef450d227df439f2f1c0d1da030df382e59831548767f473)\nThe OpenSSF Package Analysis project identified 'balvant-chavda' @ 1.8.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2024-09-10T00:49:29Z","published":"2024-09-09T04:23:38Z","database_specific":{"malicious-packages-origins":[{"source":"ossf-package-analysis","import_time":"2024-09-09T04:36:18.328783906Z","versions":["1.8.0"],"sha256":"2a4352948540614eef450d227df439f2f1c0d1da030df382e59831548767f473","modified_time":"2024-09-09T04:33:11Z"},{"source":"ossf-package-analysis","import_time":"2024-09-09T04:36:18.24717477Z","versions":["1.9.0"],"sha256":"2a6a069bccb3110e0b7c0a0a06174e07b686ac26a61641f25d25dfe4362d41db","modified_time":"2024-09-09T04:32:11Z"},{"source":"ossf-package-analysis","import_time":"2024-09-09T05:05:54.804135586Z","versions":["1.7.0"],"sha256":"19b37f4dd97bc90038ae2492b6c52ed9e93fe8726da83b64080d20160d8bca99","modified_time":"2024-09-09T04:44:11Z"},{"source":"ossf-package-analysis","import_time":"2024-09-09T05:05:54.973008483Z","versions":["1.4.0"],"sha256":"5b8e2197425b6d6231924e07142f062cef8575ae7f66068b146565e4110ecc03","modified_time":"2024-09-09T04:52:52Z"},{"source":"ossf-package-analysis","import_time":"2024-09-10T00:49:00.659862457Z","versions":["1.6.0"],"sha256":"99711e61ae80bb62846580f78fe0a24a478a2856a281e66658f1e6b4acd1905f","modified_time":"2024-09-09T04:23:38Z"}]},"affected":[{"package":{"name":"balvant-chavda","ecosystem":"npm","purl":"pkg:npm/balvant-chavda"},"versions":["1.8.0","1.9.0","1.7.0","1.4.0","1.6.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/balvant-chavda/MAL-2024-8848.json"}}],"schema_version":"1.7.3","credits":[{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}