{"id":"MAL-2026-1716","summary":"Malicious code in dotenv-plugin (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (8c1892dd92715cddb9d2bc58111d6b2e4352677ff4d6b155ed7ddc9e04f06edf)\nThe package dotenv-plugin was found to contain malicious code.\n","modified":"2026-03-23T05:42:03.239416Z","published":"2026-03-18T12:47:42Z","database_specific":{"malicious-packages-origins":[{"source":"reversing-labs","id":"RLMA-2026-01259","modified_time":"2026-03-18T12:47:42Z","import_time":"2026-03-19T12:18:46.864833402Z","versions":["2.3.5","3.3.5"],"sha256":"7e18b05c76322d19af0b81b73e433b3622cc093d5ce22bac8fa5f4b8e12fb8ab"},{"source":"amazon-inspector","modified_time":"2026-03-23T05:11:41Z","import_time":"2026-03-23T05:14:08.647956685Z","versions":["2.3.5","3.3.5"],"sha256":"8c1892dd92715cddb9d2bc58111d6b2e4352677ff4d6b155ed7ddc9e04f06edf"}]},"affected":[{"package":{"name":"dotenv-plugin","ecosystem":"npm","purl":"pkg:npm/dotenv-plugin"},"versions":["2.3.5","3.3.5"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/dotenv-plugin/MAL-2026-1716.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}