{"id":"MAL-2025-42142","summary":"Malicious code in brave-real-launcher (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (ec706dec762e96c2e6f2990c75a05808c5226fdd400419402135c910c5e639a5)\nThe OpenSSF Package Analysis project identified 'brave-real-launcher' @ 1.0.10 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2025-09-04T08:08:13Z","published":"2025-09-04T04:25:18Z","database_specific":{"malicious-packages-origins":[{"modified_time":"2025-09-04T04:25:18Z","versions":["1.0.8"],"import_time":"2025-09-04T04:37:31.061590319Z","source":"ossf-package-analysis","sha256":"9e3938f6650a9a236064818f51254155f432ceb0c9255246e797ba6f0a94331c"},{"modified_time":"2025-09-04T04:35:55Z","versions":["1.0.10"],"import_time":"2025-09-04T04:37:31.212380987Z","source":"ossf-package-analysis","sha256":"ec706dec762e96c2e6f2990c75a05808c5226fdd400419402135c910c5e639a5"},{"modified_time":"2025-09-04T07:51:46Z","versions":["2.0.7"],"import_time":"2025-09-04T08:07:44.704631199Z","source":"ossf-package-analysis","sha256":"6b3f10c7e37d4f03652df6fedfb65791acbb14bb3f3b8f92efee82e6f132df7e"}]},"affected":[{"package":{"name":"brave-real-launcher","ecosystem":"npm","purl":"pkg:npm/brave-real-launcher"},"versions":["1.0.8","1.0.10","2.0.7"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/brave-real-launcher/MAL-2025-42142.json"}}],"schema_version":"1.7.3","credits":[{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}