{"id":"MAL-2025-6737","summary":"Malicious code in newrelic-scheduler (npm)","details":"The package communicates with a domain associated with malicious activity.\n\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (283d0b11edc13929f769d9072e403ef35901c2c26167edbfadb2573cbadaa850)\nThe OpenSSF Package Analysis project identified 'newrelic-scheduler' @ 1.1.2 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2025-08-05T06:46:43Z","published":"2025-08-02T09:16:16Z","database_specific":{"malicious-packages-origins":[{"source":"ossf-package-analysis","versions":["1.1.2"],"modified_time":"2025-08-02T10:00:48Z","import_time":"2025-08-05T06:46:14.81823383Z","sha256":"283d0b11edc13929f769d9072e403ef35901c2c26167edbfadb2573cbadaa850"},{"source":"ossf-package-analysis","versions":["1.0.1"],"modified_time":"2025-08-02T09:16:16Z","import_time":"2025-08-05T06:46:14.304769434Z","sha256":"648e3fc59a43920b3a347c8cbcf53c76ebbf141113527c6d6c9713adb6f6fe07"},{"source":"ossf-package-analysis","versions":["1.0.7"],"modified_time":"2025-08-02T09:49:42Z","import_time":"2025-08-05T06:46:14.589319232Z","sha256":"7c011fd9be2efce6737c343219bd3c416fc454ff94ef5918e6138842952a363b"},{"source":"ossf-package-analysis","versions":["1.0.5"],"modified_time":"2025-08-02T09:42:15Z","import_time":"2025-08-05T06:46:14.447533581Z","sha256":"8b7c2a5a560f8f878a6e5e8c2b909a0492a561d2c3d4d4548204a020d2497461"},{"source":"ossf-package-analysis","versions":["1.0.9"],"modified_time":"2025-08-02T09:53:33Z","import_time":"2025-08-05T06:46:14.709081234Z","sha256":"e04d1963c75c5dddbdf816eaa88b878722d1ddd3396e24b5ab796a3fa0cd36b9"}]},"affected":[{"package":{"name":"newrelic-scheduler","ecosystem":"npm","purl":"pkg:npm/newrelic-scheduler"},"ranges":[{"type":"SEMVER","events":[{"introduced":"1.0.1"}]}],"versions":["1.1.2","1.0.1","1.0.7","1.0.5","1.0.9"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/newrelic-scheduler/MAL-2025-6737.json"}}],"schema_version":"1.7.3","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}