{"id":"MAL-2025-192099","summary":"Malicious code in elf-stats-mistletoe-sparkler-211 (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (47252656d84badb7e05ccaeaf93790d0fb12cabd9049756bc91814e3e3c7e2c4)\nThe package elf-stats-mistletoe-sparkler-211 was found to contain malicious code.\n\n## Source: ossf-package-analysis (c81f46b43dd8df82428a84fe16b8a8204069ad9a548c1996b62abd7e95b8b870)\nThe OpenSSF Package Analysis project identified 'elf-stats-mistletoe-sparkler-211' @ 9999.1.1 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2025-12-23T23:21:11.938839Z","published":"2025-12-03T13:02:43Z","database_specific":{"malicious-packages-origins":[{"import_time":"2025-12-03T16:09:54.755350351Z","modified_time":"2025-12-03T15:59:29Z","source":"amazon-inspector","versions":["9999.1.1","9999.1.3"],"sha256":"47252656d84badb7e05ccaeaf93790d0fb12cabd9049756bc91814e3e3c7e2c4"},{"import_time":"2025-12-04T00:27:05.456198039Z","modified_time":"2025-12-03T13:02:43Z","source":"ossf-package-analysis","versions":["9999.1.1"],"sha256":"c81f46b43dd8df82428a84fe16b8a8204069ad9a548c1996b62abd7e95b8b870"},{"import_time":"2025-12-23T20:38:59.781401059Z","modified_time":"2025-12-23T08:09:16Z","source":"reversing-labs","versions":["9999.0.0"],"id":"RLMA-2025-06243","sha256":"a0a01ab665ce993aab928a62ed3e3e5b42dc9ef906dcce1bef8471e13af48537"}]},"affected":[{"package":{"name":"elf-stats-mistletoe-sparkler-211","ecosystem":"npm","purl":"pkg:npm/elf-stats-mistletoe-sparkler-211"},"versions":["9999.1.1","9999.1.3","9999.0.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/elf-stats-mistletoe-sparkler-211/MAL-2025-192099.json"}}],"schema_version":"1.7.3","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}