{"id":"MAL-2026-2358","summary":"Malicious code in env-cli-express (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (46e9b2427571d9edd96dfaefcc677578a0296dcf49d197e9482a67b794ea440e)\nThe package env-cli-express was found to contain malicious code.\n","modified":"2026-04-07T14:53:08.403610Z","published":"2026-03-24T15:44:10Z","database_specific":{"malicious-packages-origins":[{"versions":["2.5.5"],"modified_time":"2026-03-24T15:44:10Z","source":"reversing-labs","import_time":"2026-04-01T12:26:08.246214155Z","sha256":"e76864a0e873b64a74cb974b462530a7f6fb9469e4ee19e5e21d5f7bb06cc340","id":"RLMA-2026-01752"},{"versions":["2.5.5"],"source":"amazon-inspector","import_time":"2026-04-07T14:39:20.56608291Z","sha256":"46e9b2427571d9edd96dfaefcc677578a0296dcf49d197e9482a67b794ea440e","modified_time":"2026-04-07T14:24:50Z"}]},"affected":[{"package":{"name":"env-cli-express","ecosystem":"npm","purl":"pkg:npm/env-cli-express"},"versions":["2.5.5"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/env-cli-express/MAL-2026-2358.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}