{"id":"MAL-2026-1711","summary":"Malicious code in dotenv-int (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (5ff3b8c2dda09766587481490c9be74a1af10a9660698a8f7b8f31a7df47bc96)\nThe package dotenv-int was found to contain malicious code.\n","modified":"2026-03-23T05:42:01.066135Z","published":"2026-03-18T12:47:37Z","database_specific":{"malicious-packages-origins":[{"source":"reversing-labs","sha256":"92371211679e4811dce5d678a9b61a3e2aa60e12bc677df717223024954f2ff8","modified_time":"2026-03-18T12:47:37Z","versions":["3.5.5"],"id":"RLMA-2026-01252","import_time":"2026-03-19T12:18:46.265082212Z"},{"source":"amazon-inspector","sha256":"5ff3b8c2dda09766587481490c9be74a1af10a9660698a8f7b8f31a7df47bc96","modified_time":"2026-03-23T05:11:41Z","versions":["3.5.5"],"import_time":"2026-03-23T05:14:40.712891252Z"}]},"affected":[{"package":{"name":"dotenv-int","ecosystem":"npm","purl":"pkg:npm/dotenv-int"},"versions":["3.5.5"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/dotenv-int/MAL-2026-1711.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}