{"id":"MAL-2026-2366","summary":"Malicious code in ghost-module (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (67b6330e4cf0d3fdd5e5809026b2bf763eb9e40677d38cca3a39af3a079d265f)\nThe package ghost-module was found to contain malicious code.\n","modified":"2026-04-07T14:53:59.550686Z","published":"2026-03-24T15:47:13Z","database_specific":{"malicious-packages-origins":[{"sha256":"de2bf5fcae31b0deb78a07adda9b24c41706d65206f4ee70ec1a33e16db178e9","versions":["99.0.0"],"import_time":"2026-04-01T12:26:08.786462953Z","modified_time":"2026-03-24T15:47:13Z","id":"RLMA-2026-01766","source":"reversing-labs"},{"sha256":"67b6330e4cf0d3fdd5e5809026b2bf763eb9e40677d38cca3a39af3a079d265f","import_time":"2026-04-07T14:39:19.956477156Z","modified_time":"2026-04-07T14:24:50Z","versions":["99.0.0"],"source":"amazon-inspector"}]},"affected":[{"package":{"name":"ghost-module","ecosystem":"npm","purl":"pkg:npm/ghost-module"},"versions":["99.0.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/ghost-module/MAL-2026-2366.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}