{"id":"MAL-2026-2779","summary":"Malicious code in metrify-chain (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (6898154f06df814bd48f3b479a605e61fcffebfc9ce5c39a6904ba24a907ac78)\nThe package metrify-chain was found to contain malicious code.\n","modified":"2026-04-23T21:18:56.421780Z","published":"2026-04-16T10:05:18Z","database_specific":{"malicious-packages-origins":[{"source":"reversing-labs","modified_time":"2026-04-16T10:05:18Z","versions":["2.4.5"],"sha256":"449baba60b03728f730c775e8c09df0dd6220a0c932658024b8e04e971a2f2ef","id":"RLMA-2026-01990","import_time":"2026-04-16T15:39:06.39651816Z"},{"source":"amazon-inspector","modified_time":"2026-04-23T20:43:56Z","versions":["2.4.5"],"sha256":"6898154f06df814bd48f3b479a605e61fcffebfc9ce5c39a6904ba24a907ac78","import_time":"2026-04-23T20:49:15.095390848Z"}]},"affected":[{"package":{"name":"metrify-chain","ecosystem":"npm","purl":"pkg:npm/metrify-chain"},"versions":["2.4.5"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/metrify-chain/MAL-2026-2779.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}