{"id":"MAL-2025-41358","summary":"Malicious code in @stackgl/gl-conformance (npm)","details":"The package communicates with a domain associated with malicious activity.\n\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (6402e01df0460d9b2d3778bed73dc61d60fc700196a3bb56a2e91768227f3391)\nThe OpenSSF Package Analysis project identified '@stackgl/gl-conformance' @ 9.999.999 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n","modified":"2025-09-26T11:06:44Z","published":"2025-08-21T18:44:31Z","database_specific":{"malicious-packages-origins":[{"versions":["9.999.999"],"import_time":"2025-08-26T17:05:46.453630525Z","modified_time":"2025-08-26T16:54:15Z","source":"ossf-package-analysis","sha256":"6402e01df0460d9b2d3778bed73dc61d60fc700196a3bb56a2e91768227f3391"},{"id":"RLMA-2025-04900","versions":["9.9.99","9.99.99","9.99.999","9.999.999"],"import_time":"2025-09-26T11:05:43.983072166Z","modified_time":"2025-09-26T09:18:54Z","source":"reversing-labs","sha256":"b78147da975e14e7ad038764b014d3be0c17a6971196a0b34e2accf76f294419"}]},"affected":[{"package":{"name":"@stackgl/gl-conformance","ecosystem":"npm","purl":"pkg:npm/%40stackgl/gl-conformance"},"ranges":[{"type":"SEMVER","events":[{"introduced":"9.9.99"}]}],"versions":["9.999.999","9.9.99","9.99.99","9.99.999"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@stackgl/gl-conformance/MAL-2025-41358.json"}}],"schema_version":"1.7.3","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}