{"id":"MAL-2026-2236","summary":"Malicious code in onboarding-server (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (44d4a1844921cebc245e39614ba7b999c3890d048ad81429d89d9daf45038ecd)\nThe package onboarding-server was found to contain malicious code.\n\n## Source: ossf-package-analysis (9d8938c92b041ecea47a5e8d98398e602ff4f6dfe7ba405bc48f82de2654b5c4)\nThe OpenSSF Package Analysis project identified 'onboarding-server' @ 0.1.1 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2026-03-31T03:24:09.956931Z","published":"2026-03-26T14:15:47Z","database_specific":{"malicious-packages-origins":[{"modified_time":"2026-03-26T14:15:47Z","source":"ossf-package-analysis","versions":["0.1.1"],"sha256":"9d8938c92b041ecea47a5e8d98398e602ff4f6dfe7ba405bc48f82de2654b5c4","import_time":"2026-03-26T14:37:17.249408233Z"},{"modified_time":"2026-03-31T02:07:58Z","source":"amazon-inspector","versions":["0.1.1"],"sha256":"44d4a1844921cebc245e39614ba7b999c3890d048ad81429d89d9daf45038ecd","import_time":"2026-03-31T03:10:09.586695832Z"}]},"affected":[{"package":{"name":"onboarding-server","ecosystem":"npm","purl":"pkg:npm/onboarding-server"},"versions":["0.1.1"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/onboarding-server/MAL-2026-2236.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}