{"id":"MAL-2026-1259","summary":"Malicious code in pino-sdk-v2 (npm)","details":"Malware detected: Exfiltrates .env file keys to Discord webhook. Impersonates legit pino package with modified malicious `package/lib/tools.js`.\n\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (093fa98258b33a735216506ea119532a3cc24c92359028b4bb1955d0b712951a)\nThe package pino-sdk-v2 was found to contain malicious code.\n","modified":"2026-03-08T01:51:23.945085Z","published":"2026-03-06T07:19:17Z","database_specific":{"malicious-packages-origins":[{"source":"amazon-inspector","import_time":"2026-03-08T01:37:56.249636634Z","sha256":"093fa98258b33a735216506ea119532a3cc24c92359028b4bb1955d0b712951a","modified_time":"2026-03-08T01:35:03Z","ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}]}]},"references":[{"type":"REPORT","url":"https://app.safedep.io/community/malysis/01KK0QM8FQ0N7R7MP5JXCMYCCG"}],"affected":[{"package":{"name":"pino-sdk-v2","ecosystem":"npm","purl":"pkg:npm/pino-sdk-v2"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/pino-sdk-v2/MAL-2026-1259.json"}}],"schema_version":"1.7.3","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"SafeDep","contact":["https://safedep.io"],"type":"FINDER"}]}