{"id":"MAL-2025-5049","summary":"Malicious code in pxsceneui-example-02 (npm)","details":"The package communicates with a domain associated with malicious activity.\n\n---\n_-= Per source details. Do not edit below this line.=-_\n","aliases":["GHSA-j9fm-qqfw-gfp7","SNYK-JS-PXSCENEUIEXAMPLE02-10558300"],"modified":"2025-08-01T10:58:44.108164Z","published":"2025-06-16T15:54:05Z","database_specific":{"malicious-packages-origins":[{"import_time":"2025-08-01T10:41:29.255371047Z","sha256":"06b0427442a6aa1cc8f606d953b5408e88ceec199a4220f479dcdfac8883f08a","source":"reversing-labs","modified_time":"2025-07-31T19:38:31Z","versions":["1.0.1","1.0.2","1.0.3"],"id":"RLMA-2025-03993"}]},"references":[{"type":"PACKAGE","url":"https://npmjs.com/package/pxsceneui-example-02"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-j9fm-qqfw-gfp7"},{"type":"ADVISORY","url":"https://security.snyk.io/vuln/SNYK-JS-PXSCENEUIEXAMPLE02-10558300"}],"affected":[{"package":{"name":"pxsceneui-example-02","ecosystem":"npm","purl":"pkg:npm/pxsceneui-example-02"},"ranges":[{"type":"SEMVER","events":[{"introduced":"1.0.2"}]}],"versions":["1.0.1","1.0.2","1.0.3"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/pxsceneui-example-02/MAL-2025-5049.json"}}],"schema_version":"1.7.3","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}