{"id":"MAL-2026-1657","summary":"Malicious code in backstage-plugin-wpe-catalog (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (8ba337d37ef9344a2df43beb88ffec3f1061cba440eb4c4ed69798da6f3122b5)\nThe package backstage-plugin-wpe-catalog was found to contain malicious code.\n","modified":"2026-03-23T05:39:46.135856Z","published":"2026-03-18T12:40:09Z","database_specific":{"malicious-packages-origins":[{"modified_time":"2026-03-18T12:40:09Z","id":"RLMA-2026-01116","import_time":"2026-03-19T12:18:34.347756606Z","source":"reversing-labs","versions":["100.0.0"],"sha256":"3389051af05b5366f8c426619bee35afc41c5e539bcf771f215077db12e92f2c"},{"sha256":"8ba337d37ef9344a2df43beb88ffec3f1061cba440eb4c4ed69798da6f3122b5","modified_time":"2026-03-23T05:11:41Z","import_time":"2026-03-23T05:14:07.121251449Z","source":"amazon-inspector","versions":["100.0.0"]}]},"affected":[{"package":{"name":"backstage-plugin-wpe-catalog","ecosystem":"npm","purl":"pkg:npm/backstage-plugin-wpe-catalog"},"versions":["100.0.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/backstage-plugin-wpe-catalog/MAL-2026-1657.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}