{"id":"MAL-2025-3949","summary":"Malicious code in evo-web (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (1963187cd4dc65fd86ae4bdae898bd2fea39e8e6a8464b3b00e2a83f5dcbb95b)\nThe OpenSSF Package Analysis project identified 'evo-web' @ 100.0.2 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2025-05-20T01:34:49Z","published":"2025-05-18T20:39:15Z","database_specific":{"malicious-packages-origins":[{"versions":["100.0.2"],"modified_time":"2025-05-18T20:39:15Z","source":"ossf-package-analysis","sha256":"1963187cd4dc65fd86ae4bdae898bd2fea39e8e6a8464b3b00e2a83f5dcbb95b","import_time":"2025-05-19T00:26:17.2928438Z"},{"versions":["100.0.5"],"modified_time":"2025-05-18T22:20:06Z","source":"ossf-package-analysis","sha256":"501235a805448944397509bbeb31637b228aa244782d8ced694003f8409d5d8e","import_time":"2025-05-19T00:26:17.811913125Z"},{"versions":["100.0.9"],"modified_time":"2025-05-19T05:55:53Z","source":"ossf-package-analysis","sha256":"cb8913f31144f9a9931b9e4551095b52bbd07553c42b10f26e2501f1f4e772f2","import_time":"2025-05-20T01:34:18.198311774Z"}]},"affected":[{"package":{"name":"evo-web","ecosystem":"npm","purl":"pkg:npm/evo-web"},"versions":["100.0.2","100.0.5","100.0.9"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/evo-web/MAL-2025-3949.json"}}],"schema_version":"1.7.3","credits":[{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}