{"id":"MAL-2026-1041","summary":"Malicious code in secure-monkey (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (86cd85a74e391ecd4f01e0ca9a2f8db368edc52021d175bb01a957669f2301ba)\nThe package secure-monkey was found to contain malicious code.\n\n## Source: ossf-package-analysis (3c75ad29fdd83c7c6a16e25ec8443546c2baa3175e2312174126049002428b9b)\nThe OpenSSF Package Analysis project identified 'secure-monkey' @ 1.0.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2026-03-01T21:02:26.233397Z","published":"2026-02-23T11:30:57Z","database_specific":{"malicious-packages-origins":[{"sha256":"3c75ad29fdd83c7c6a16e25ec8443546c2baa3175e2312174126049002428b9b","import_time":"2026-02-26T01:37:59.050368657Z","versions":["1.0.0"],"source":"ossf-package-analysis","modified_time":"2026-02-23T11:30:57Z"},{"sha256":"5b13b2b2550bb01b98a5a6e3fe6b5a637d438184a3d72318b363d1a8bd42e418","import_time":"2026-02-26T01:37:59.710638369Z","versions":["1.1.2"],"source":"ossf-package-analysis","modified_time":"2026-02-24T09:43:13Z"},{"sha256":"640889cabf7800a2f8f7053ee3421feda2e7987c445c7bb07fedbc3ecc004f98","import_time":"2026-02-26T01:37:59.640542956Z","versions":["1.1.1"],"source":"ossf-package-analysis","modified_time":"2026-02-24T09:38:57Z"},{"sha256":"86cd85a74e391ecd4f01e0ca9a2f8db368edc52021d175bb01a957669f2301ba","import_time":"2026-03-01T20:41:58.688689868Z","versions":["1.0.0","1.1.2","1.1.1"],"source":"amazon-inspector","modified_time":"2026-03-01T20:25:57Z"}]},"affected":[{"package":{"name":"secure-monkey","ecosystem":"npm","purl":"pkg:npm/secure-monkey"},"versions":["1.0.0","1.1.2","1.1.1"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/secure-monkey/MAL-2026-1041.json"}}],"schema_version":"1.7.3","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}