{"id":"MAL-2026-2137","summary":"Malicious code in @one-site/europcar (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (711bd5a2f6cb47f1cf20cae950c1b89253561e63249de1fa2989ea5766f6f3bd)\nThe package @one-site/europcar was found to contain malicious code.\n\n## Source: ossf-package-analysis (7557adaa6a16b5e4b4b0a858b0ae3cd85711122fc9beab929e5da5a0f614aa79)\nThe OpenSSF Package Analysis project identified '@one-site/europcar' @ 2.92.10 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2026-03-31T03:21:08.495592Z","published":"2026-03-24T13:40:41Z","database_specific":{"malicious-packages-origins":[{"import_time":"2026-03-24T14:31:11.938751428Z","source":"ossf-package-analysis","sha256":"6eed3d6ae2173460f4a7df02a76103b4bb8bb7213b2d8586ac6ea4a73334c810","modified_time":"2026-03-24T14:09:32Z","versions":["2.93.1"]},{"import_time":"2026-03-24T14:31:11.814926408Z","source":"ossf-package-analysis","sha256":"7557adaa6a16b5e4b4b0a858b0ae3cd85711122fc9beab929e5da5a0f614aa79","modified_time":"2026-03-24T13:40:41Z","versions":["2.92.10"]},{"import_time":"2026-03-31T03:10:03.834671225Z","source":"amazon-inspector","sha256":"711bd5a2f6cb47f1cf20cae950c1b89253561e63249de1fa2989ea5766f6f3bd","modified_time":"2026-03-31T02:07:58Z","versions":["2.93.1","2.92.10"]}]},"affected":[{"package":{"name":"@one-site/europcar","ecosystem":"npm","purl":"pkg:npm/%40one-site/europcar"},"versions":["2.93.1","2.92.10"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@one-site/europcar/MAL-2026-2137.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}