{"id":"MAL-2024-9104","summary":"Malicious code in @fdp-tools/bitbucket (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (3d664e4e984c9abf294fae57cd50adb612a619b9eb307464e5cb57d6da167de8)\nThe OpenSSF Package Analysis project identified '@fdp-tools/bitbucket' @ 0.2.7 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2024-10-08T08:30:42Z","published":"2024-10-08T08:30:42Z","database_specific":{"malicious-packages-origins":[{"modified_time":"2024-10-08T08:30:42Z","import_time":"2024-10-08T08:38:15.111078926Z","versions":["0.2.7"],"source":"ossf-package-analysis","sha256":"3d664e4e984c9abf294fae57cd50adb612a619b9eb307464e5cb57d6da167de8"}]},"affected":[{"package":{"name":"@fdp-tools/bitbucket","ecosystem":"npm","purl":"pkg:npm/%40fdp-tools/bitbucket"},"versions":["0.2.7"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@fdp-tools/bitbucket/MAL-2024-9104.json"}}],"schema_version":"1.7.3","credits":[{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}