{"id":"MAL-2026-2817","summary":"Malicious code in lightweight-charts-4.1 (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (1f7a7bcf5678b42c2da20ad8e444066092ac3a9c17a6c8867a034717d1d8c344)\nThe package lightweight-charts-4.1 was found to contain malicious code.\n\n## Source: ossf-package-analysis (3bf5f9054bf59235c7406b076fed3f65c71c616f5c6f9a044b320f1376d793e8)\nThe OpenSSF Package Analysis project identified 'lightweight-charts-4.1' @ 11000.0.18 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2026-04-23T21:16:20.613151Z","published":"2026-04-16T17:35:59Z","database_specific":{"malicious-packages-origins":[{"modified_time":"2026-04-16T17:35:59Z","import_time":"2026-04-16T18:30:52.435496486Z","source":"ossf-package-analysis","versions":["1000.0.1"],"sha256":"04732e60b86bae0e7ee9e80b40fd0dae9c034f2c26f0da66c80123870235912e"},{"modified_time":"2026-04-18T09:51:23Z","import_time":"2026-04-18T10:18:46.05699261Z","source":"ossf-package-analysis","versions":["11000.0.18"],"sha256":"3bf5f9054bf59235c7406b076fed3f65c71c616f5c6f9a044b320f1376d793e8"},{"modified_time":"2026-04-23T20:43:56Z","import_time":"2026-04-23T20:48:59.708117397Z","source":"amazon-inspector","versions":["1000.0.1","11000.0.18"],"sha256":"1f7a7bcf5678b42c2da20ad8e444066092ac3a9c17a6c8867a034717d1d8c344"}]},"affected":[{"package":{"name":"lightweight-charts-4.1","ecosystem":"npm","purl":"pkg:npm/lightweight-charts-4.1"},"versions":["1000.0.1","11000.0.18"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/lightweight-charts-4.1/MAL-2026-2817.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}