{"id":"MAL-2025-48431","summary":"Malicious code in enjin-docs (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (24afa8ea540d65aaac41e9b8290ea35057d333217eca4a50410143aa9e993bd4)\nThe OpenSSF Package Analysis project identified 'enjin-docs' @ 15.2.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2025-10-16T00:25:02Z","published":"2025-10-15T21:50:40Z","database_specific":{"malicious-packages-origins":[{"modified_time":"2025-10-15T21:50:40Z","import_time":"2025-10-15T22:05:36.227991179Z","versions":["8.0.0"],"source":"ossf-package-analysis","sha256":"aa4de351aa4b33df056e33ba724412cd5826482a919ebadd8bd3452e04d990e4"},{"modified_time":"2025-10-15T22:52:24Z","import_time":"2025-10-15T23:05:49.47180005Z","versions":["9.0.0"],"source":"ossf-package-analysis","sha256":"b7989808937419fdbf560893a42153b6424bb1e665f9e82f30880c8930351700"},{"modified_time":"2025-10-15T23:15:29Z","import_time":"2025-10-15T23:34:19.872702018Z","versions":["15.2.0"],"source":"ossf-package-analysis","sha256":"24afa8ea540d65aaac41e9b8290ea35057d333217eca4a50410143aa9e993bd4"},{"modified_time":"2025-10-15T23:07:12Z","import_time":"2025-10-15T23:34:19.6953968Z","versions":["15.0.0"],"source":"ossf-package-analysis","sha256":"3e4c45a6bea990e1499c08cb749de162bff6f5207146478391d67cb1abda6e4e"},{"modified_time":"2025-10-15T23:12:42Z","import_time":"2025-10-15T23:34:19.783018093Z","versions":["15.1.0"],"source":"ossf-package-analysis","sha256":"e52e9c7d8a459cb623d505938906902bd2d9492e68ce7902f87a9bbcf7070a8a"},{"modified_time":"2025-10-15T23:36:41Z","import_time":"2025-10-16T00:24:32.360676453Z","versions":["15.2.2"],"source":"ossf-package-analysis","sha256":"b90340a835c5c67709f0d4b8318121835ebf582a6e7396229c6d37f152ba9646"},{"modified_time":"2025-10-15T23:50:59Z","import_time":"2025-10-16T00:24:32.480521421Z","versions":["16.4.4"],"source":"ossf-package-analysis","sha256":"e59c0db5b0d0a70e673cc82806361842e940a5a07833cbb0a1a61174578ce0b5"}]},"affected":[{"package":{"name":"enjin-docs","ecosystem":"npm","purl":"pkg:npm/enjin-docs"},"versions":["8.0.0","9.0.0","15.2.0","15.0.0","15.1.0","15.2.2","16.4.4"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/enjin-docs/MAL-2025-48431.json"}}],"schema_version":"1.7.3","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}