{"id":"MAL-2025-6796","summary":"Malicious code in lynx-libs-mono (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (7dcde725ba12b559bfd1e62b8d6058ced4b0a5ed11b9f168f8f6f576b42ef801)\nThe OpenSSF Package Analysis project identified 'lynx-libs-mono' @ 1.0.10 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n","modified":"2025-08-06T16:08:51Z","published":"2025-08-06T14:50:43Z","database_specific":{"malicious-packages-origins":[{"modified_time":"2025-08-06T14:50:43Z","source":"ossf-package-analysis","import_time":"2025-08-06T15:07:55.41690524Z","sha256":"24629df33217ef24785afb154f45239736aa445bc8c3b249159ab3c1c29c4c33","versions":["1.0.1"]},{"modified_time":"2025-08-06T15:40:51Z","source":"ossf-package-analysis","import_time":"2025-08-06T16:08:21.221534362Z","sha256":"7dcde725ba12b559bfd1e62b8d6058ced4b0a5ed11b9f168f8f6f576b42ef801","versions":["1.0.10"]}]},"affected":[{"package":{"name":"lynx-libs-mono","ecosystem":"npm","purl":"pkg:npm/lynx-libs-mono"},"versions":["1.0.1","1.0.10"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/lynx-libs-mono/MAL-2025-6796.json"}}],"schema_version":"1.7.3","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}