{"id":"MAL-2026-2410","summary":"Malicious code in @the-coca-cola-company/ngps-global-common-utils (npm)","details":"Malicious post-install script combined with low project popularity indicates potential malware. Arbitrary code execution is a major concern.\n\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (3ebe31c5bb51c354ed83627a02c11ca4c8541e042623b1b987255941ffafdaff)\nThe package @the-coca-cola-company/ngps-global-common-utils was found to contain malicious code.\n","modified":"2026-04-16T15:50:54.643091Z","published":"2026-03-24T09:07:58Z","database_specific":{"malicious-packages-origins":[{"source":"amazon-inspector","modified_time":"2026-04-07T14:24:50Z","sha256":"3ebe31c5bb51c354ed83627a02c11ca4c8541e042623b1b987255941ffafdaff","import_time":"2026-04-07T14:39:17.98122271Z","ranges":[{"events":[{"introduced":"0"}],"type":"SEMVER"}]},{"source":"reversing-labs","modified_time":"2026-04-16T09:39:20Z","versions":["1.0.0","9.9.0","9.9.9"],"sha256":"c8f9e8cd86ecaa7f2080db546f0064ff49df1a741be0cfa86f17778ae97f2fe2","id":"RLMA-2026-01868","import_time":"2026-04-16T15:38:50.59739279Z"}]},"references":[{"type":"REPORT","url":"https://app.safedep.io/community/malysis/01KHR2P4NQM7HJ6KMSCJ3DCMCX"},{"type":"WEB","url":"https://app.safedep.io/community/malysis/01KHR2P4NQM7HJ6KMSCJ3DCMCX"},{"type":"WEB","url":"https://safedep.io/sl4x0-dependency-confusion-campaign"}],"affected":[{"package":{"name":"@the-coca-cola-company/ngps-global-common-utils","ecosystem":"npm","purl":"pkg:npm/%40the-coca-cola-company/ngps-global-common-utils"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"versions":["1.0.0","9.9.0","9.9.9"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@the-coca-cola-company/ngps-global-common-utils/MAL-2026-2410.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"},{"name":"SafeDep","contact":["https://safedep.io"],"type":"FINDER"}]}