{"id":"MAL-2026-2830","summary":"Malicious code in renovate-config-doctolib (npm)","details":"Malicious package due to data exfiltration via preinstall script, reading .npmrc, and sending data to a remote server. Few published versions.","modified":"2026-04-17T07:33:31.326887Z","published":"2026-04-17T06:20:10Z","database_specific":{"malicious-packages-origins":null},"references":[{"type":"REPORT","url":"https://app.safedep.io/community/malysis/01KPD1H8Q0V7ZHX0HDRF42WK92"}],"affected":[{"package":{"name":"renovate-config-doctolib","ecosystem":"npm","purl":"pkg:npm/renovate-config-doctolib"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/renovate-config-doctolib/MAL-2026-2830.json"}}],"schema_version":"1.7.5","credits":[{"name":"SafeDep","contact":["https://safedep.io"],"type":"FINDER"}]}