{"id":"MAL-2026-2745","summary":"Malicious code in chain-syncora (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (c6d15e07fe0ec278f0437e4e651444bca1fa0cfac0f3cb50e06224e2fa3fde45)\nThe package chain-syncora was found to contain malicious code.\n","modified":"2026-04-23T21:14:49.766743Z","published":"2026-04-16T09:49:19Z","database_specific":{"malicious-packages-origins":[{"id":"RLMA-2026-01922","source":"reversing-labs","versions":["2.4.5"],"modified_time":"2026-04-16T09:49:19Z","import_time":"2026-04-16T15:38:57.625978914Z","sha256":"6df2d1552a81116e6aecdb107ac3adc934e01da363b958366b492d1a885360df"},{"sha256":"c6d15e07fe0ec278f0437e4e651444bca1fa0cfac0f3cb50e06224e2fa3fde45","source":"amazon-inspector","versions":["2.4.5"],"modified_time":"2026-04-23T20:43:56Z","import_time":"2026-04-23T20:49:09.954927378Z"}]},"affected":[{"package":{"name":"chain-syncora","ecosystem":"npm","purl":"pkg:npm/chain-syncora"},"versions":["2.4.5"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/chain-syncora/MAL-2026-2745.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}