{"id":"MAL-2025-191978","summary":"Malicious code in elf-stats-cranberry-sleigh-853 (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (f85ae12d2f730c46ea2549c98a491f8ccccf2c8f7a484258398ce7dad89c137c)\nThe package elf-stats-cranberry-sleigh-853 was found to contain malicious code.\n\n## Source: ossf-package-analysis (8c2499eb605ed1cdd8896cb21357da72fa92cbb5d8b27048115bf63144046a39)\nThe OpenSSF Package Analysis project identified 'elf-stats-cranberry-sleigh-853' @ 1.0.2 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2025-12-03T16:18:04.521219Z","published":"2025-12-03T13:55:27Z","database_specific":{"malicious-packages-origins":[{"sha256":"8c2499eb605ed1cdd8896cb21357da72fa92cbb5d8b27048115bf63144046a39","source":"ossf-package-analysis","import_time":"2025-12-03T14:07:12.550440791Z","modified_time":"2025-12-03T13:55:27Z","versions":["1.0.2"]},{"sha256":"b83b68f1aa445b37c5553ec4dfec2c3b8c7db797107c3de58be00d113e890415","source":"ossf-package-analysis","import_time":"2025-12-03T14:07:12.649225217Z","modified_time":"2025-12-03T14:00:35Z","versions":["1.0.4"]},{"sha256":"41baeece254656637a6c933b4bd409505b354d6224093a5bd7a876f7ec55a91a","source":"ossf-package-analysis","import_time":"2025-12-03T14:40:59.402944303Z","modified_time":"2025-12-03T14:07:13Z","versions":["1.0.5"]},{"sha256":"fa623d9b7ae58a456182a2efb548398bd7e6e394eb9a9f245f7298bf9c0298a4","source":"ossf-package-analysis","import_time":"2025-12-03T14:40:59.556040833Z","modified_time":"2025-12-03T14:11:05Z","versions":["1.0.6"]},{"sha256":"f85ae12d2f730c46ea2549c98a491f8ccccf2c8f7a484258398ce7dad89c137c","source":"amazon-inspector","import_time":"2025-12-03T16:09:43.422884683Z","modified_time":"2025-12-03T15:59:29Z","versions":["1.0.1","1.0.3","1.0.2","1.0.4","1.0.5"]}]},"affected":[{"package":{"name":"elf-stats-cranberry-sleigh-853","ecosystem":"npm","purl":"pkg:npm/elf-stats-cranberry-sleigh-853"},"versions":["1.0.2","1.0.4","1.0.5","1.0.6","1.0.1","1.0.3"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/elf-stats-cranberry-sleigh-853/MAL-2025-191978.json"}}],"schema_version":"1.7.3","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}