{"id":"MAL-2026-1456","summary":"Malicious code in rrweb-v1 (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (b2c1a8d89ba0817d9264bc9f6e59c5c1e4c683b98ce32ba7d9bcb3e61f1f016b)\nThe package rrweb-v1 was found to contain malicious code.\n\n## Source: ossf-package-analysis (94ad4f38fe1502fe61c2de51dac1c4e4c569535af81a38c6b2af57e4bd26b16c)\nThe OpenSSF Package Analysis project identified 'rrweb-v1' @ 99.99.2 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2026-03-23T05:45:30.010274Z","published":"2026-03-13T07:10:46Z","database_specific":{"malicious-packages-origins":[{"modified_time":"2026-03-13T07:10:46Z","source":"ossf-package-analysis","import_time":"2026-03-16T04:26:04.833346117Z","versions":["99.99.2"],"sha256":"94ad4f38fe1502fe61c2de51dac1c4e4c569535af81a38c6b2af57e4bd26b16c"},{"modified_time":"2026-03-23T05:11:41Z","source":"amazon-inspector","import_time":"2026-03-23T05:14:23.613374988Z","versions":["99.99.2"],"sha256":"b2c1a8d89ba0817d9264bc9f6e59c5c1e4c683b98ce32ba7d9bcb3e61f1f016b"}]},"affected":[{"package":{"name":"rrweb-v1","ecosystem":"npm","purl":"pkg:npm/rrweb-v1"},"versions":["99.99.2"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/rrweb-v1/MAL-2026-1456.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}