{"id":"MAL-2026-2365","summary":"Malicious code in env-nodejs (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (b9fdb2ca296901d2020b959a63ec369c661ac063698529ced5230cd04717a5c0)\nThe package env-nodejs was found to contain malicious code.\n","modified":"2026-04-07T14:52:20.081850Z","published":"2026-03-24T15:44:15Z","database_specific":{"malicious-packages-origins":[{"id":"RLMA-2026-01759","versions":["2.5.5"],"sha256":"1e8fc0fce3e5a0d7bcce6ca88f1659d02495a572233760339b140d689e646fb1","source":"reversing-labs","modified_time":"2026-03-24T15:44:15Z","import_time":"2026-04-01T12:26:08.518189957Z"},{"versions":["2.5.5"],"sha256":"b9fdb2ca296901d2020b959a63ec369c661ac063698529ced5230cd04717a5c0","source":"amazon-inspector","modified_time":"2026-04-07T14:24:50Z","import_time":"2026-04-07T14:39:14.870212234Z"}]},"affected":[{"package":{"name":"env-nodejs","ecosystem":"npm","purl":"pkg:npm/env-nodejs"},"versions":["2.5.5"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/env-nodejs/MAL-2026-2365.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}