{"id":"MAL-2026-1347","summary":"Malicious code in f0-abstraction-resolver (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (224dc9dfb692343ce6baa1f2e8ce95e413f8a4d8d9991bea7c7272923cd7498c)\nThe package f0-abstraction-resolver was found to contain malicious code.\n\n## Source: ossf-package-analysis (56fcc957050122de02ae6bde3390433a7df94f0b3b66d2cb83847e49a50252d8)\nThe OpenSSF Package Analysis project identified 'f0-abstraction-resolver' @ 5.99.99 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2026-03-23T05:42:19.538467Z","published":"2026-03-11T21:06:33Z","database_specific":{"malicious-packages-origins":[{"versions":["5.99.99"],"source":"ossf-package-analysis","modified_time":"2026-03-11T21:06:33Z","import_time":"2026-03-11T21:12:26.47953018Z","sha256":"56fcc957050122de02ae6bde3390433a7df94f0b3b66d2cb83847e49a50252d8"},{"versions":["99.99.9"],"source":"ossf-package-analysis","modified_time":"2026-03-13T00:40:57Z","import_time":"2026-03-13T01:37:58.18226735Z","sha256":"c22c955c5165a4c78b1388925ed95a2c07b6c1d7a14be5c0e61a2103b6ac1a6e"},{"versions":["5.99.99","99.99.9"],"source":"amazon-inspector","modified_time":"2026-03-23T05:11:41Z","import_time":"2026-03-23T05:14:14.694248201Z","sha256":"224dc9dfb692343ce6baa1f2e8ce95e413f8a4d8d9991bea7c7272923cd7498c"}]},"affected":[{"package":{"name":"f0-abstraction-resolver","ecosystem":"npm","purl":"pkg:npm/f0-abstraction-resolver"},"versions":["5.99.99","99.99.9"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/f0-abstraction-resolver/MAL-2026-1347.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}