{"id":"MAL-2026-2367","summary":"Malicious code in json-mapping-fetch (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (45649188d792a4c0d12add7ece8a5f8bd1f35ea2478d963b75238249cc788de3)\nThe package json-mapping-fetch was found to contain malicious code.\n","modified":"2026-04-07T14:54:00.632174Z","published":"2026-03-24T15:49:40Z","database_specific":{"malicious-packages-origins":[{"sha256":"bf6089bb1ca878bef887466d0f4de52313a31360ef59f6bba682b579bad28936","import_time":"2026-04-01T12:26:08.978453336Z","source":"reversing-labs","id":"RLMA-2026-01773","versions":["2.4.3"],"modified_time":"2026-03-24T15:49:40Z"},{"sha256":"45649188d792a4c0d12add7ece8a5f8bd1f35ea2478d963b75238249cc788de3","import_time":"2026-04-07T14:39:11.487893679Z","source":"amazon-inspector","versions":["2.4.3"],"modified_time":"2026-04-07T14:24:50Z"}]},"affected":[{"package":{"name":"json-mapping-fetch","ecosystem":"npm","purl":"pkg:npm/json-mapping-fetch"},"versions":["2.4.3"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/json-mapping-fetch/MAL-2026-2367.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}