{"id":"MAL-2025-41572","summary":"Malicious code in graphkitx (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n","modified":"2026-04-16T15:55:13.121185Z","published":"2025-08-28T07:29:57Z","database_specific":{"malicious-packages-origins":[{"modified_time":"2025-08-28T07:29:57Z","versions":["2.0.0","2.1.0"],"id":"RLMA-2025-04548","import_time":"2025-08-29T06:42:23.974900697Z","sha256":"4bab0b12e99a9b231eeb18b9b3cd476a1727f040b5d02535559b8d3d0c28258f","source":"reversing-labs"},{"modified_time":"2026-04-16T09:59:26Z","source":"reversing-labs","id":"RLUA-2026-01961","import_time":"2026-04-16T15:39:29.322562515Z","sha256":"abeaef3781404f150f6fc6d94af571dd6039d107cf775b6b390b5fde065de496"}]},"references":[{"type":"ARTICLE","url":"https://www.reversinglabs.com/blog/inside-graphalgo"}],"affected":[{"package":{"name":"graphkitx","ecosystem":"npm","purl":"pkg:npm/graphkitx"},"versions":["2.0.0","2.1.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/graphkitx/MAL-2025-41572.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}