{"id":"MAL-2026-2768","summary":"Malicious code in h3-next (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (41a779cef19955b279051dff59351c5f041b3834e2c9bd972c0b0be096aa767f)\nThe package h3-next was found to contain malicious code.\n","modified":"2026-04-23T21:16:07.517977Z","published":"2026-04-16T10:00:02Z","database_specific":{"malicious-packages-origins":[{"sha256":"d69e72688f629d7e5d3013109a89146f05d870c76632155ad26dc5c64bd09385","versions":["99.99.9"],"modified_time":"2026-04-16T10:00:02Z","source":"reversing-labs","import_time":"2026-04-16T15:39:03.974258456Z","id":"RLMA-2026-01968"},{"sha256":"41a779cef19955b279051dff59351c5f041b3834e2c9bd972c0b0be096aa767f","versions":["99.99.9"],"modified_time":"2026-04-23T20:43:56Z","source":"amazon-inspector","import_time":"2026-04-23T20:49:15.064860819Z"}]},"affected":[{"package":{"name":"h3-next","ecosystem":"npm","purl":"pkg:npm/h3-next"},"versions":["99.99.9"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/h3-next/MAL-2026-2768.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}