{"id":"MAL-2025-41257","summary":"Malicious code in @uit-spritesmith/webpack (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (26ec1ae1c565770377c72c56c41c0a0ec1387c318225b2c8b2db2c255c96839c)\nThe OpenSSF Package Analysis project identified '@uit-spritesmith/webpack' @ 0.1.3 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n","modified":"2025-08-20T23:35:33Z","published":"2025-08-20T22:40:51Z","database_specific":{"malicious-packages-origins":[{"modified_time":"2025-08-20T22:40:51Z","import_time":"2025-08-20T23:06:02.091703134Z","sha256":"26ec1ae1c565770377c72c56c41c0a0ec1387c318225b2c8b2db2c255c96839c","source":"ossf-package-analysis","versions":["0.1.3"]},{"modified_time":"2025-08-20T23:16:54Z","import_time":"2025-08-20T23:34:53.466903644Z","sha256":"3745675e8faf99997bfe8830b4d33223a1b19491ed304d4dd176801444da9798","source":"ossf-package-analysis","versions":["0.1.4"]}]},"affected":[{"package":{"name":"@uit-spritesmith/webpack","ecosystem":"npm","purl":"pkg:npm/%40uit-spritesmith/webpack"},"versions":["0.1.2","0.1.3","0.1.4"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@uit-spritesmith/webpack/MAL-2025-41257.json"}}],"schema_version":"1.7.3","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}