{"id":"MAL-2026-1713","summary":"Malicious code in dotenv-node-cli (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (f5f6b181cb56922381245597b93fd06147dd83845cd9467098172f6eab07a7c0)\nThe package dotenv-node-cli was found to contain malicious code.\n","modified":"2026-03-23T05:42:02.439425Z","published":"2026-03-18T12:47:39Z","database_specific":{"malicious-packages-origins":[{"id":"RLMA-2026-01256","modified_time":"2026-03-18T12:47:39Z","import_time":"2026-03-19T12:18:46.603286976Z","versions":["3.3.5"],"source":"reversing-labs","sha256":"47f9904f1d1f47b2cea85dcb73f5caf8e848a2dca9ad279bc04835f0fc3f7b2c"},{"modified_time":"2026-03-23T05:11:41Z","import_time":"2026-03-23T05:13:59.011163426Z","versions":["3.3.5"],"source":"amazon-inspector","sha256":"f5f6b181cb56922381245597b93fd06147dd83845cd9467098172f6eab07a7c0"}]},"affected":[{"package":{"name":"dotenv-node-cli","ecosystem":"npm","purl":"pkg:npm/dotenv-node-cli"},"versions":["3.3.5"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/dotenv-node-cli/MAL-2026-1713.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}