{"id":"MAL-2025-41450","summary":"Malicious code in @metadata-ipfs/bonk.fun-ipfs (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n","modified":"2026-03-19T12:38:19.534257Z","published":"2025-08-28T07:14:22Z","database_specific":{"malicious-packages-origins":[{"sha256":"1f20a2eede805b4ccb40dd2de6452328ed31e04e1dd2b7f197fa6ed591dc4263","source":"reversing-labs","import_time":"2025-08-29T06:42:01.011597712Z","modified_time":"2025-08-28T07:14:22Z","versions":["1.13.13","1.13.14"],"id":"RLMA-2025-04327"},{"sha256":"ecaa4c61835780108b80b961c512074965e025fdda438054b79f540a43978f7b","source":"reversing-labs","import_time":"2026-03-19T12:20:47.724563194Z","modified_time":"2026-03-18T12:29:42Z","id":"RLUA-2026-01035"}]},"references":[{"type":"WEB","url":"https://www.getsafety.com/blog-posts/malicious-hash-validation-packages"}],"affected":[{"package":{"name":"@metadata-ipfs/bonk.fun-ipfs","ecosystem":"npm","purl":"pkg:npm/%40metadata-ipfs/bonk.fun-ipfs"},"versions":["1.13.13","1.13.14"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@metadata-ipfs/bonk.fun-ipfs/MAL-2025-41450.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}