{"id":"MAL-2026-1430","summary":"Malicious code in @3stripes/utils (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (a35a49fa45b490839a3f7671aed0d41c821f7a2925a015debe9f168e09476451)\nThe package @3stripes/utils was found to contain malicious code.\n\n## Source: ossf-package-analysis (bc4b306efe8e2f54c22563b5927c251b0d6d41fd58d135b63192e3c712ce04fd)\nThe OpenSSF Package Analysis project identified '@3stripes/utils' @ 999.0.2 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n","modified":"2026-03-23T05:36:22.520811Z","published":"2026-03-15T05:45:43Z","database_specific":{"malicious-packages-origins":[{"sha256":"bc4b306efe8e2f54c22563b5927c251b0d6d41fd58d135b63192e3c712ce04fd","source":"ossf-package-analysis","modified_time":"2026-03-15T05:45:43Z","import_time":"2026-03-15T05:56:20.738330326Z","versions":["999.0.2"]},{"sha256":"a35a49fa45b490839a3f7671aed0d41c821f7a2925a015debe9f168e09476451","source":"amazon-inspector","modified_time":"2026-03-23T05:11:41Z","import_time":"2026-03-23T05:14:29.701110969Z","versions":["999.0.2"]}]},"affected":[{"package":{"name":"@3stripes/utils","ecosystem":"npm","purl":"pkg:npm/%403stripes/utils"},"versions":["999.0.2"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@3stripes/utils/MAL-2026-1430.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}