{"id":"MAL-2026-1758","summary":"Malicious code in jwtenv (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (4ffb1c87b403f5fe445c727f61a0295c9614afddf588d99fb1fefbbe92d2abb6)\nThe package jwtenv was found to contain malicious code.\n","modified":"2026-03-23T05:43:23.288191Z","published":"2026-03-18T12:56:27Z","database_specific":{"malicious-packages-origins":[{"versions":["1.1.7"],"source":"reversing-labs","sha256":"67bf61e147e4bdd171748eee5ac722352125b555415bb65903d86313e389c14f","import_time":"2026-03-19T12:18:57.002181809Z","id":"RLMA-2026-01383","modified_time":"2026-03-18T12:56:27Z"},{"versions":["1.1.7"],"source":"amazon-inspector","import_time":"2026-03-23T05:14:09.808752847Z","sha256":"4ffb1c87b403f5fe445c727f61a0295c9614afddf588d99fb1fefbbe92d2abb6","modified_time":"2026-03-23T05:11:41Z"}]},"affected":[{"package":{"name":"jwtenv","ecosystem":"npm","purl":"pkg:npm/jwtenv"},"versions":["1.1.7"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/jwtenv/MAL-2026-1758.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}