{"id":"MAL-2025-5211","summary":"Malicious code in cro-pricing (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (ad3153abfc5098f205551190f8a491deda5c4b47c00a18ed66800ef238c6b78d)\nThe OpenSSF Package Analysis project identified 'cro-pricing' @ 1.0.8 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2025-06-21T02:35:21Z","published":"2025-06-21T00:59:44Z","database_specific":{"malicious-packages-origins":[{"source":"ossf-package-analysis","sha256":"4900ac11d76b67823e8cf4eebc80801199ba012deb8cbca0ef6c5f6be14f5a7c","modified_time":"2025-06-21T00:59:44Z","versions":["1.0.3"],"import_time":"2025-06-21T01:33:23.350422895Z"},{"source":"ossf-package-analysis","sha256":"7bd2cd1609d710658a47c1dcd37bc6f2b329d8704a360dc8442cf5a0d1062a9f","modified_time":"2025-06-21T01:11:36Z","versions":["1.0.4"],"import_time":"2025-06-21T01:33:23.651288142Z"},{"source":"ossf-package-analysis","sha256":"c8c4724ad20672235580ec4abe9c103ec7ecdf2f328ea5c283e8e0efd54ad9ff","modified_time":"2025-06-21T01:20:55Z","versions":["1.0.5"],"import_time":"2025-06-21T01:33:23.920376013Z"},{"source":"ossf-package-analysis","sha256":"ad3153abfc5098f205551190f8a491deda5c4b47c00a18ed66800ef238c6b78d","modified_time":"2025-06-21T02:15:50Z","versions":["1.0.8"],"import_time":"2025-06-21T02:34:51.98742545Z"},{"source":"ossf-package-analysis","sha256":"ee4a6ec40052cc9d5c28cfa09ed8356d1fe9f4c011c63e94e689e79b5f16e7d7","modified_time":"2025-06-21T02:05:38Z","versions":["1.0.7"],"import_time":"2025-06-21T02:34:51.876301077Z"}]},"affected":[{"package":{"name":"cro-pricing","ecosystem":"npm","purl":"pkg:npm/cro-pricing"},"versions":["1.0.3","1.0.4","1.0.5","1.0.8","1.0.7"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/cro-pricing/MAL-2025-5211.json"}}],"schema_version":"1.7.3","credits":[{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}