{"id":"MAL-2026-1701","summary":"Malicious code in corp-sign-core-js (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (8f94c959e18ab1995ded47f657c3ab5e5b8924c279ab0dc9e95f42ca2dc36027)\nThe package corp-sign-core-js was found to contain malicious code.\n","modified":"2026-03-23T05:41:18.071247Z","published":"2026-03-18T12:45:10Z","database_specific":{"malicious-packages-origins":[{"modified_time":"2026-03-18T12:45:10Z","sha256":"7c02e611750fa54116f873c731ee5f02f099a9fc9f37c0db8a226953324b09b8","id":"RLMA-2026-01227","import_time":"2026-03-19T12:18:44.010491204Z","source":"reversing-labs","versions":["0.99.99","1.99.99","2.99.99"]},{"modified_time":"2026-03-23T05:11:41Z","sha256":"8f94c959e18ab1995ded47f657c3ab5e5b8924c279ab0dc9e95f42ca2dc36027","import_time":"2026-03-23T05:14:01.497929014Z","source":"amazon-inspector","versions":["0.99.99","1.99.99","2.99.99"]}]},"affected":[{"package":{"name":"corp-sign-core-js","ecosystem":"npm","purl":"pkg:npm/corp-sign-core-js"},"versions":["0.99.99","1.99.99","2.99.99"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/corp-sign-core-js/MAL-2026-1701.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}