{"id":"MAL-2025-47421","summary":"Malicious code in @strong-energetic/test-banned-file (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: google-open-source-security (beb2182dad9121d8cdfbd98f321d90cd62cda75f2c4ef68f1a5e22608808dc91)\nThis package was compromised by the Shai-Hulud NPM worm. The malicious payload\nsteals tokens and credentials and publishes them to GitHub before propagating\nitself to NPM packages the user owns.\n","modified":"2025-09-17T05:58:45Z","published":"2025-09-17T05:58:45Z","database_specific":{"malicious-packages-origins":[{"sha256":"beb2182dad9121d8cdfbd98f321d90cd62cda75f2c4ef68f1a5e22608808dc91","versions":["1.0.1"],"import_time":"2025-09-17T05:59:33.931323Z","source":"google-open-source-security","modified_time":"2025-09-17T05:58:45Z"}]},"references":[{"type":"WEB","url":"https://www.wiz.io/blog/shai-hulud-npm-supply-chain-attack"},{"type":"WEB","url":"https://semgrep.dev/blog/2025/security-advisory-npm-packages-using-secret-scanning-tools-to-steal-credentials/"},{"type":"WEB","url":"https://www.aikido.dev/blog/s1ngularity-nx-attackers-strike-again"},{"type":"WEB","url":"https://www.stepsecurity.io/blog/ctrl-tinycolor-and-40-npm-packages-compromised"},{"type":"WEB","url":"https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages"}],"affected":[{"package":{"name":"@strong-energetic/test-banned-file","ecosystem":"npm","purl":"pkg:npm/%40strong-energetic/test-banned-file"},"versions":["1.0.1"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@strong-energetic/test-banned-file/MAL-2025-47421.json"}}],"schema_version":"1.7.3"}