{"id":"MAL-2025-6929","summary":"Malicious code in eslint-plugin-i18n-scan (npm)","details":"The package communicates with a domain associated with malicious activity.\n\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (24f25e113ba45d8c8835196aef1b368f2a1e4fb1aecdc17e3a6d47db15371e04)\nThe OpenSSF Package Analysis project identified 'eslint-plugin-i18n-scan' @ 11.0.5 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2025-08-29T06:43:16Z","published":"2025-08-17T18:06:49Z","database_specific":{"malicious-packages-origins":[{"import_time":"2025-08-18T06:09:47.356629126Z","source":"ossf-package-analysis","sha256":"24f25e113ba45d8c8835196aef1b368f2a1e4fb1aecdc17e3a6d47db15371e04","versions":["11.0.5"],"modified_time":"2025-08-17T18:06:49Z"},{"source":"reversing-labs","import_time":"2025-08-29T06:42:20.615618805Z","id":"RLMA-2025-04514","sha256":"7a982110d97a91052360ea7faa09026397f41fdc9ccc57a29426a2e5a06ed507","versions":["11.0.4","11.0.5"],"modified_time":"2025-08-28T07:27:34Z"}]},"affected":[{"package":{"name":"eslint-plugin-i18n-scan","ecosystem":"npm","purl":"pkg:npm/eslint-plugin-i18n-scan"},"ranges":[{"type":"SEMVER","events":[{"introduced":"11.0.4"}]}],"versions":["11.0.5","11.0.4"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/eslint-plugin-i18n-scan/MAL-2025-6929.json"}}],"schema_version":"1.7.3","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}