{"id":"MAL-2026-2802","summary":"Malicious code in synthetics-sdk-node (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (f901ab2d37659ee8585c20804e368b185c14c0e5fc49e51a3148fb439b728bad)\nThe package synthetics-sdk-node was found to contain malicious code.\n","modified":"2026-04-23T21:18:05.281331Z","published":"2026-04-16T10:19:13Z","database_specific":{"malicious-packages-origins":[{"versions":["9.9.9"],"source":"reversing-labs","id":"RLMA-2026-02044","modified_time":"2026-04-16T10:19:13Z","sha256":"9d8e6bc7296fce19da958f146133cc99213b28deb2296357abd2700ff70c74cd","import_time":"2026-04-16T15:39:17.573183497Z"},{"versions":["9.9.9"],"source":"amazon-inspector","modified_time":"2026-04-23T20:43:56Z","sha256":"f901ab2d37659ee8585c20804e368b185c14c0e5fc49e51a3148fb439b728bad","import_time":"2026-04-23T20:49:05.056229049Z"}]},"affected":[{"package":{"name":"synthetics-sdk-node","ecosystem":"npm","purl":"pkg:npm/synthetics-sdk-node"},"versions":["9.9.9"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/synthetics-sdk-node/MAL-2026-2802.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}