{"id":"MAL-2025-6795","summary":"Malicious code in productboard-freemail (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (6a6e97fd17d98afb5fe43af9593d6e212069bdd9fcf008969bb1773d097e22b7)\nThe OpenSSF Package Analysis project identified 'productboard-freemail' @ 10086.0.1113 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2025-08-06T18:45:10Z","published":"2025-08-06T06:16:06Z","database_specific":{"malicious-packages-origins":[{"versions":["1085.0.1113"],"import_time":"2025-08-06T06:46:11.428558498Z","source":"ossf-package-analysis","sha256":"0de7ae92335c9b0689677f684fe85921b255295307ffd4bab64abf3834379e99","modified_time":"2025-08-06T06:20:53Z"},{"versions":["100.0.1113"],"import_time":"2025-08-06T06:46:11.340267161Z","source":"ossf-package-analysis","sha256":"ef2f119983dacaecd15937366cf9b51730d779f17704f684402f80affda84dd4","modified_time":"2025-08-06T06:16:06Z"},{"versions":["10086.0.1113"],"import_time":"2025-08-06T17:39:51.875457921Z","source":"ossf-package-analysis","sha256":"6a6e97fd17d98afb5fe43af9593d6e212069bdd9fcf008969bb1773d097e22b7","modified_time":"2025-08-06T17:34:25Z"},{"versions":["10089.0.1113"],"import_time":"2025-08-06T18:08:55.767784431Z","source":"ossf-package-analysis","sha256":"e0dc6040748d651ef95decab5bf844f94e67f331b209fc6b71a339d7533b7ca7","modified_time":"2025-08-06T17:55:47Z"},{"versions":["11090.0.1113"],"import_time":"2025-08-06T18:44:46.940022485Z","source":"ossf-package-analysis","sha256":"4f8830d52fd5fe372c7fb81a142530d3275e942ba1231cdd98584095120346c0","modified_time":"2025-08-06T18:21:02Z"},{"versions":["11091.0.1113"],"import_time":"2025-08-06T18:44:47.114352944Z","source":"ossf-package-analysis","sha256":"98503f9059259327136d3ddbf9a9091c3bc2b4a1f6124975c5cc26c46ac8a4e8","modified_time":"2025-08-06T18:25:59Z"}]},"affected":[{"package":{"name":"productboard-freemail","ecosystem":"npm","purl":"pkg:npm/productboard-freemail"},"versions":["1085.0.1113","100.0.1113","10086.0.1113","10089.0.1113","11090.0.1113","11091.0.1113","100.0.1112"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/productboard-freemail/MAL-2025-6795.json"}}],"schema_version":"1.7.3","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}