{"id":"MAL-2026-1844","summary":"Malicious code in shopify-ping-web (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (65f10efaec7ccae41168b3bcbce9874ddfa9fb6d806c9e55029549efe82f9898)\nThe package shopify-ping-web was found to contain malicious code.\n","modified":"2026-03-23T05:45:42.814581Z","published":"2026-03-18T13:09:25Z","database_specific":{"malicious-packages-origins":[{"versions":["99.9.9"],"source":"reversing-labs","modified_time":"2026-03-18T13:09:25Z","import_time":"2026-03-19T12:19:10.110588702Z","id":"RLMA-2026-01568","sha256":"468759baaa53e403a37baf14da34474cfc7bb8adc08fc841141db6fcb07aece4"},{"versions":["99.9.9"],"modified_time":"2026-03-23T05:11:41Z","import_time":"2026-03-23T05:14:22.118279038Z","source":"amazon-inspector","sha256":"65f10efaec7ccae41168b3bcbce9874ddfa9fb6d806c9e55029549efe82f9898"}]},"affected":[{"package":{"name":"shopify-ping-web","ecosystem":"npm","purl":"pkg:npm/shopify-ping-web"},"versions":["99.9.9"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/shopify-ping-web/MAL-2026-1844.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}