{"id":"MAL-2025-29","summary":"Malicious code in cursor-shadow-workspace (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (1c0d7191f53edcbd6d8459f64259fb12d6390bc73fffef3e045a073875f0f91f)\nThe OpenSSF Package Analysis project identified 'cursor-shadow-workspace' @ 1.0.2 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n","modified":"2025-01-07T16:19:02Z","published":"2025-01-07T15:36:08Z","database_specific":{"malicious-packages-origins":[{"sha256":"1c0d7191f53edcbd6d8459f64259fb12d6390bc73fffef3e045a073875f0f91f","versions":["1.0.2"],"modified_time":"2025-01-07T15:36:08Z","source":"ossf-package-analysis","import_time":"2025-01-07T15:53:25.399169375Z"},{"sha256":"a31b5e92c54e600697bfe041fe85ea104f7de0c4f1f2151542a6980aa48890bd","versions":["1.0.3"],"modified_time":"2025-01-07T16:17:48Z","source":"ossf-package-analysis","import_time":"2025-01-07T16:18:30.343177305Z"}]},"affected":[{"package":{"name":"cursor-shadow-workspace","ecosystem":"npm","purl":"pkg:npm/cursor-shadow-workspace"},"versions":["1.0.2","1.0.3"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/cursor-shadow-workspace/MAL-2025-29.json"}}],"schema_version":"1.7.3","credits":[{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}