{"id":"MAL-2025-1391","summary":"Malicious code in voiceedgelite (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (fd93b14a943a875efb1d2602d31cc497e92f135adac765f65f2a0ffd72d6ad42)\nThe OpenSSF Package Analysis project identified 'voiceedgelite' @ 1.1.5 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2025-03-31T07:07:50Z","published":"2025-02-17T13:02:56Z","database_specific":{"malicious-packages-origins":[{"versions":["1.0.7"],"import_time":"2025-02-17T22:05:17.398082644Z","source":"ossf-package-analysis","sha256":"2e4fd4b9fb9a218b7e587f7885347db6009f6cabf4225963a64a35354ef1cdc5","modified_time":"2025-02-17T13:02:56Z"},{"versions":["1.1.5"],"import_time":"2025-02-18T04:06:43.321415796Z","source":"ossf-package-analysis","sha256":"fd93b14a943a875efb1d2602d31cc497e92f135adac765f65f2a0ffd72d6ad42","modified_time":"2025-02-18T04:03:22Z"},{"versions":["1.1.6"],"import_time":"2025-02-18T04:36:48.332115204Z","source":"ossf-package-analysis","sha256":"5c4b6524c408d88e95e6fce41bec25ac610bc0a620c6ac635dbc56a93e119088","modified_time":"2025-02-18T04:08:56Z"},{"versions":["1.1.7"],"import_time":"2025-02-18T05:05:58.792360366Z","source":"ossf-package-analysis","sha256":"82126c9800523504f45253cbb3207ecc731e122b42fa280e18d86c10b33c6f35","modified_time":"2025-02-18T04:44:15Z"},{"versions":["1.1.8"],"import_time":"2025-02-19T00:21:40.926340859Z","source":"ossf-package-analysis","sha256":"7ced81fbb971d72f159003fd1c935a6470e75f7416b4e7b64dffbaf06b15c276","modified_time":"2025-02-18T05:18:41Z"},{"versions":["1.2.0"],"import_time":"2025-02-20T00:21:49.110742802Z","source":"ossf-package-analysis","sha256":"25b6768f91803e84a37502bb19be23ba18df20f6f6d3608028f5da10578885a6","modified_time":"2025-02-19T03:40:14Z"},{"versions":["1.0.1","1.0.2","1.0.3","1.0.4","1.0.5","1.0.6","1.0.7","1.0.8","1.0.9","1.1.2","1.1.3","1.1.4","1.1.5","1.1.6","1.1.7","1.1.8","1.1.9","1.2.0"],"import_time":"2025-03-31T07:07:03.059248763Z","source":"reversing-labs","sha256":"bd5f8aa74a109883ebc504a892ee922d4e5d0294d9af11eb14e49bd09eea6b39","modified_time":"2025-03-28T13:03:23Z","id":"RLMA-2025-01883"}]},"affected":[{"package":{"name":"voiceedgelite","ecosystem":"npm","purl":"pkg:npm/voiceedgelite"},"versions":["1.0.7","1.1.5","1.1.6","1.1.7","1.1.8","1.2.0","1.0.1","1.0.2","1.0.3","1.0.4","1.0.5","1.0.6","1.0.8","1.0.9","1.1.2","1.1.3","1.1.4","1.1.9"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/voiceedgelite/MAL-2025-1391.json"}}],"schema_version":"1.7.3","credits":[{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}