{"id":"MAL-2025-3176","summary":"Malicious code in @n37scancp/highlight.js (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (944af106fc0b2a334ed1ab4fb6784a0b2cc01e5f795b1de3449b8deaf6560b50)\nThe OpenSSF Package Analysis project identified '@n37scancp/highlight.js' @ 11.11.12 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2025-04-29T00:50:22Z","published":"2025-04-08T02:32:45Z","database_specific":{"malicious-packages-origins":[{"source":"ossf-package-analysis","sha256":"50188d758ccf5cf50022352f4b30f7c50730da56af5d97f46dacc134483df696","modified_time":"2025-04-08T02:46:40Z","import_time":"2025-04-09T01:33:39.903443271Z","versions":["11.11.2"]},{"source":"ossf-package-analysis","sha256":"508e6bb1fe0b8750829cee985602b37f7a4c4c623a996a7f8e8bc2ee1eb3708d","modified_time":"2025-04-08T02:32:45Z","import_time":"2025-04-09T01:33:39.798892649Z","versions":["11.11.1"]},{"source":"ossf-package-analysis","sha256":"995611c6f5636bc26bdd2d40ce287a7dcf61f7d04ceef760f760f54efcabd367","modified_time":"2025-04-08T03:11:49Z","import_time":"2025-04-09T01:33:40.009239907Z","versions":["11.11.4"]},{"source":"ossf-package-analysis","sha256":"944af106fc0b2a334ed1ab4fb6784a0b2cc01e5f795b1de3449b8deaf6560b50","modified_time":"2025-04-17T15:21:38Z","import_time":"2025-04-29T00:49:52.67700238Z","versions":["11.11.12"]}]},"affected":[{"package":{"name":"@n37scancp/highlight.js","ecosystem":"npm","purl":"pkg:npm/%40n37scancp/highlight.js"},"versions":["11.11.2","11.11.1","11.11.4","11.11.12"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@n37scancp/highlight.js/MAL-2025-3176.json"}}],"schema_version":"1.7.3","credits":[{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}