{"id":"MAL-2026-1485","summary":"Malicious code in react-refresh-update (npm)","details":"The package contains highly obfuscated code that uses eval() for dynamic execution, a strong indicator of malicious intent. YARA rule matches confirm this finding.\n\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (68cf0c0bd6ed2a8c07bc175b5c0cc7f86a49133e67dd5d8f68f37309c5f1a463)\nThe package react-refresh-update was found to contain malicious code.\n","modified":"2026-03-23T05:45:28.099905Z","published":"2026-03-16T10:02:26Z","database_specific":{"malicious-packages-origins":[{"sha256":"68cf0c0bd6ed2a8c07bc175b5c0cc7f86a49133e67dd5d8f68f37309c5f1a463","import_time":"2026-03-23T05:14:41.175064777Z","modified_time":"2026-03-23T05:11:41Z","source":"amazon-inspector","ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}]}]},"references":[{"type":"REPORT","url":"https://app.safedep.io/community/malysis/01KJY66T1PJCZD1V81210YQCDH"}],"affected":[{"package":{"name":"react-refresh-update","ecosystem":"npm","purl":"pkg:npm/react-refresh-update"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/react-refresh-update/MAL-2026-1485.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"SafeDep","contact":["https://safedep.io"],"type":"FINDER"}]}