{"id":"MAL-2025-3399","summary":"Malicious code in freo-design-system (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (8745e789b7b101fb7ede2f6f26567a39b6ec9522c2f6cad7f182098661442ced)\nThe OpenSSF Package Analysis project identified 'freo-design-system' @ 1.0.4 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n","modified":"2025-04-28T05:47:09Z","published":"2025-04-25T20:32:55Z","database_specific":{"malicious-packages-origins":[{"modified_time":"2025-04-25T22:03:11Z","versions":["1.0.4"],"sha256":"8745e789b7b101fb7ede2f6f26567a39b6ec9522c2f6cad7f182098661442ced","import_time":"2025-04-25T22:05:59.299623021Z","source":"ossf-package-analysis"},{"modified_time":"2025-04-25T20:32:55Z","versions":["1.0.1"],"sha256":"c3f08833d8a9265ec24a0820654907caa4024da3200b01d32b85595daa67a15d","import_time":"2025-04-25T20:36:32.698413227Z","source":"ossf-package-analysis"}]},"affected":[{"package":{"name":"freo-design-system","ecosystem":"npm","purl":"pkg:npm/freo-design-system"},"versions":["1.0.4","1.0.1"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/freo-design-system/MAL-2025-3399.json"}}],"schema_version":"1.7.3","credits":[{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}