{"id":"MAL-2025-41359","summary":"Malicious code in @wp-feature-api/client-features (npm)","details":"The package communicates with a domain associated with malicious activity.\n\n---\n_-= Per source details. Do not edit below this line.=-_\n","modified":"2025-09-26T11:06:44Z","published":"2025-08-21T18:44:03Z","database_specific":{"malicious-packages-origins":[{"versions":["9.9.99"],"id":"RLMA-2025-04907","modified_time":"2025-09-26T09:19:53Z","source":"reversing-labs","sha256":"2b0e47537cfc5e83e6ff996ed49e8a404547da206144d3af0c2c7bb51ac8c002","import_time":"2025-09-26T11:05:44.522412458Z"}]},"affected":[{"package":{"name":"@wp-feature-api/client-features","ecosystem":"npm","purl":"pkg:npm/%40wp-feature-api/client-features"},"ranges":[{"type":"SEMVER","events":[{"introduced":"9.9.99"}]}],"versions":["9.9.99"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@wp-feature-api/client-features/MAL-2025-41359.json"}}],"schema_version":"1.7.3","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}