{"id":"MAL-2025-6866","summary":"Malicious code in f0-service-manager (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (3c1c79e59e1f33e79ec5042730e0bfb49f02f35acd0399884dbdac006aebcbbd)\nThe OpenSSF Package Analysis project identified 'f0-service-manager' @ 4.1.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n","modified":"2025-08-13T19:06:06Z","published":"2025-08-13T17:15:52Z","database_specific":{"malicious-packages-origins":[{"source":"ossf-package-analysis","modified_time":"2025-08-13T17:15:52Z","versions":["4.1.0"],"import_time":"2025-08-13T17:35:33.234414297Z","sha256":"3c1c79e59e1f33e79ec5042730e0bfb49f02f35acd0399884dbdac006aebcbbd"},{"source":"ossf-package-analysis","modified_time":"2025-08-13T18:11:50Z","versions":["4.3.0"],"import_time":"2025-08-13T18:42:52.125588135Z","sha256":"ee8c3eaae07ef9646c9de26bf22d1117f08f89940886b7951d7797221aaed2cf"},{"source":"ossf-package-analysis","modified_time":"2025-08-13T19:00:53Z","versions":["4.4.0"],"import_time":"2025-08-13T19:05:38.823278578Z","sha256":"8b9f11002000c3fc168e26d71670ec03982b7c6c8356d56af9519bd9b52dc950"}]},"affected":[{"package":{"name":"f0-service-manager","ecosystem":"npm","purl":"pkg:npm/f0-service-manager"},"versions":["4.1.0","4.3.0","4.4.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/f0-service-manager/MAL-2025-6866.json"}}],"schema_version":"1.7.3","credits":[{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}