{"id":"MAL-2025-192884","summary":"Malicious code in vite-react-setting (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (a8a246e42e62b3ccd2cac32fc43c833154af9a78ee11e47c84bad10cf7895b25)\nThe package vite-react-setting was found to contain malicious code.\n","modified":"2026-01-02T22:04:45.199667Z","published":"2025-12-23T08:35:16Z","database_specific":{"malicious-packages-origins":[{"versions":["0.7.6"],"source":"reversing-labs","sha256":"1879e4c79926383029679ed7c4b8f09139097632267513ac842b1b1f3ebe0cf7","modified_time":"2025-12-23T08:35:16Z","id":"RLMA-2025-06533","import_time":"2025-12-24T10:07:29.48966685Z"},{"versions":["0.7.6"],"source":"amazon-inspector","sha256":"a8a246e42e62b3ccd2cac32fc43c833154af9a78ee11e47c84bad10cf7895b25","modified_time":"2026-01-02T21:29:26Z","import_time":"2026-01-02T21:35:51.233155895Z"}]},"affected":[{"package":{"name":"vite-react-setting","ecosystem":"npm","purl":"pkg:npm/vite-react-setting"},"versions":["0.7.6"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/vite-react-setting/MAL-2025-192884.json"}}],"schema_version":"1.7.3","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}