{"id":"MAL-2026-2744","summary":"Malicious code in chain-metrica (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (fb624dbdf0ad26818c6d6685e22838c8bbb23d223376ba009f53500ca469ad86)\nThe package chain-metrica was found to contain malicious code.\n","modified":"2026-04-23T21:15:18.157717Z","published":"2026-04-16T09:49:16Z","database_specific":{"malicious-packages-origins":[{"versions":["2.4.5"],"sha256":"c2ff52278c930c391f6ffa31d8733a5002bbbcdeda1e98aeaf7cfc7e2e2b41ac","modified_time":"2026-04-16T09:49:16Z","source":"reversing-labs","id":"RLMA-2026-01921","import_time":"2026-04-16T15:38:57.468515884Z"},{"versions":["2.4.5"],"sha256":"fb624dbdf0ad26818c6d6685e22838c8bbb23d223376ba009f53500ca469ad86","modified_time":"2026-04-23T20:43:56Z","source":"amazon-inspector","import_time":"2026-04-23T20:48:58.836846676Z"}]},"affected":[{"package":{"name":"chain-metrica","ecosystem":"npm","purl":"pkg:npm/chain-metrica"},"versions":["2.4.5"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/chain-metrica/MAL-2026-2744.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}