{"id":"MAL-2026-1494","summary":"Malicious code in navi-design-system (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (7d7c20b1a93d0713a7cd64e5937906dc8db43fe90795827cedac30fc64031c68)\nThe package navi-design-system was found to contain malicious code.\n\n## Source: ossf-package-analysis (456529de586987eca70b76fe07da6ed022e7bb8dfaf9d36a47db75809cdc3b49)\nThe OpenSSF Package Analysis project identified 'navi-design-system' @ 99.0.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n","modified":"2026-03-23T05:44:17.305767Z","published":"2026-03-17T06:15:39Z","database_specific":{"malicious-packages-origins":[{"modified_time":"2026-03-17T06:15:39Z","sha256":"1b246a64e8aa9a9d379cb47a0dea39ba7a7262de32e0e30954ea3e8b784d6228","source":"ossf-package-analysis","import_time":"2026-03-17T06:28:32.036701769Z","versions":["7.0.0"]},{"modified_time":"2026-03-17T06:21:02Z","sha256":"456529de586987eca70b76fe07da6ed022e7bb8dfaf9d36a47db75809cdc3b49","source":"ossf-package-analysis","import_time":"2026-03-17T06:28:32.109680552Z","versions":["99.0.0"]},{"modified_time":"2026-03-17T06:40:47Z","sha256":"ab6d142ced2d17d8d89719361fc372158ef8a06428aac08d06e1ad6949463aa3","source":"ossf-package-analysis","import_time":"2026-03-17T06:53:16.40490058Z","versions":["99.1.0"]},{"modified_time":"2026-03-23T05:11:41Z","sha256":"7d7c20b1a93d0713a7cd64e5937906dc8db43fe90795827cedac30fc64031c68","source":"amazon-inspector","import_time":"2026-03-23T05:14:21.992432505Z","versions":["7.0.0","99.0.0","99.1.0"]}]},"affected":[{"package":{"name":"navi-design-system","ecosystem":"npm","purl":"pkg:npm/navi-design-system"},"versions":["7.0.0","99.0.0","99.1.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/navi-design-system/MAL-2026-1494.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}