{"id":"MAL-2026-2368","summary":"Malicious code in json-mapping-token (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (c3e27e1c4dcb0a7a03e552d242b6d13a6834ae89bf87382c9ff28d8e88820be8)\nThe package json-mapping-token was found to contain malicious code.\n","modified":"2026-04-07T14:53:48.656304Z","published":"2026-03-24T15:49:41Z","database_specific":{"malicious-packages-origins":[{"id":"RLMA-2026-01774","modified_time":"2026-03-24T15:49:41Z","import_time":"2026-04-01T12:26:09.025236863Z","versions":["2.2.4"],"source":"reversing-labs","sha256":"1bcdb4507fd1a486a27de58d8edc2a2add4c73cabbd014ee373889836f8da30d"},{"modified_time":"2026-04-07T14:24:50Z","import_time":"2026-04-07T14:39:21.758927284Z","versions":["2.2.4"],"source":"amazon-inspector","sha256":"c3e27e1c4dcb0a7a03e552d242b6d13a6834ae89bf87382c9ff28d8e88820be8"}]},"affected":[{"package":{"name":"json-mapping-token","ecosystem":"npm","purl":"pkg:npm/json-mapping-token"},"versions":["2.2.4"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/json-mapping-token/MAL-2026-2368.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}