{"id":"MAL-2024-8938","summary":"Malicious code in @energysolutions/mylib (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (08f12d3c3e2e99f5bcec121d93fe4ece6a29ff57478e2e93e0cff0d4309832ac)\nThe OpenSSF Package Analysis project identified '@energysolutions/mylib' @ 999999999.999999.999999 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n","modified":"2024-09-26T23:06:19Z","published":"2024-09-20T19:29:25Z","database_specific":{"malicious-packages-origins":[{"source":"ossf-package-analysis","import_time":"2024-09-22T22:35:20.001507292Z","versions":["99.9.9"],"sha256":"af8652a2466a05067e04226d9a2c0ba8fd87d1ceea144088adec75e6d69144e0","modified_time":"2024-09-20T19:55:40Z"},{"source":"ossf-package-analysis","import_time":"2024-09-22T22:35:19.906256746Z","versions":["99.9.7"],"sha256":"f6e3a6bea8d93f96120a14227a1892edeead009970a0b11452246468fa17e1dd","modified_time":"2024-09-20T19:38:11Z"},{"source":"ossf-package-analysis","import_time":"2024-09-22T22:35:19.853438467Z","versions":["99.9.3"],"sha256":"fcbfd33ed337d039767d2917237f3a4d23ff74a860d69b7d644a52ca192607c4","modified_time":"2024-09-20T19:29:25Z"},{"source":"ossf-package-analysis","import_time":"2024-09-26T23:05:57.931236308Z","versions":["999999999.999999.999999"],"sha256":"08f12d3c3e2e99f5bcec121d93fe4ece6a29ff57478e2e93e0cff0d4309832ac","modified_time":"2024-09-26T07:55:41Z"},{"source":"ossf-package-analysis","import_time":"2024-09-26T23:05:57.516558773Z","versions":["9998.998.998"],"sha256":"10c6d7e1f6418565c6ba63571667684677e09a9a9870564276c82824d4055790","modified_time":"2024-09-25T19:50:41Z"},{"source":"ossf-package-analysis","import_time":"2024-09-26T23:05:57.583283696Z","versions":["9998.999.999"],"sha256":"1a77c7c3fc6abfa729a2b13de21ac88a96f6e565ea74caf8818de009673c2be0","modified_time":"2024-09-26T06:23:41Z"},{"source":"ossf-package-analysis","import_time":"2024-09-26T23:05:57.664231809Z","versions":["99999.99999.9999"],"sha256":"5131d12a8cfe87f2ac5306a4e02a1bf27906c3033911cc738be6068f4c053e3c","modified_time":"2024-09-26T07:20:39Z"},{"source":"ossf-package-analysis","import_time":"2024-09-26T23:05:57.751854102Z","versions":["9999999.999999.999999"],"sha256":"57c1d54e282f29e602957a65120b53734325ef86848407a15ecf42638d3667ce","modified_time":"2024-09-26T07:44:18Z"},{"source":"ossf-package-analysis","import_time":"2024-09-26T23:05:57.839664562Z","versions":["99999999.999999.999999"],"sha256":"a99a69f233f00b448a81f3811cf11dfdc3d0c42169393f854ea2aed819dfe872","modified_time":"2024-09-26T07:45:42Z"},{"source":"ossf-package-analysis","import_time":"2024-09-26T23:05:57.417697676Z","versions":["999.99.99"],"sha256":"d71d1050e9d0ab76962d7680a6fb2139f92bf0401205b12d06b6c903b0a8ec7d","modified_time":"2024-09-25T19:31:18Z"}]},"affected":[{"package":{"name":"@energysolutions/mylib","ecosystem":"npm","purl":"pkg:npm/%40energysolutions/mylib"},"versions":["99.9.9","99.9.7","99.9.3","999999999.999999.999999","9998.998.998","9998.999.999","99999.99999.9999","9999999.999999.999999","99999999.999999.999999","999.99.99"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@energysolutions/mylib/MAL-2024-8938.json"}}],"schema_version":"1.7.3","credits":[{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}