{"id":"MAL-2026-2750","summary":"Malicious code in coremesh (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (2e1c5c73eed4959ff3773bce8dd6ceee55a4cb517758013fcfb3075859cb05f5)\nThe package coremesh was found to contain malicious code.\n","modified":"2026-04-23T21:15:32.376959Z","published":"2026-04-16T09:50:48Z","database_specific":{"malicious-packages-origins":[{"import_time":"2026-04-16T15:38:59.058638276Z","source":"reversing-labs","modified_time":"2026-04-16T09:50:48Z","versions":["2.4.5"],"id":"RLMA-2026-01929","sha256":"c9f071802b46a674f3009a0d25071c9808e980303e43b339e2b4174f363a4e51"},{"import_time":"2026-04-23T20:48:58.665628892Z","source":"amazon-inspector","modified_time":"2026-04-23T20:43:56Z","versions":["2.4.5"],"sha256":"2e1c5c73eed4959ff3773bce8dd6ceee55a4cb517758013fcfb3075859cb05f5"}]},"affected":[{"package":{"name":"coremesh","ecosystem":"npm","purl":"pkg:npm/coremesh"},"versions":["2.4.5"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/coremesh/MAL-2026-2750.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}