{"id":"MAL-2026-2861","summary":"Malicious code in vinext-monorepo (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (b5c7279d5c84c989a0deef7944c5d1d22b89651bdc01da8fc5144622a8fc74cb)\nThe package vinext-monorepo was found to contain malicious code.\n\n## Source: ossf-package-analysis (574f240251e7be8dcdf3c0b77c1df87b69497f67e98d64b831a36ab87c2d08de)\nThe OpenSSF Package Analysis project identified 'vinext-monorepo' @ 99.10.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n","modified":"2026-04-23T21:12:41.093356Z","published":"2026-04-19T09:55:46Z","database_specific":{"malicious-packages-origins":[{"import_time":"2026-04-19T10:18:16.342750239Z","versions":["99.10.9"],"source":"ossf-package-analysis","sha256":"574f240251e7be8dcdf3c0b77c1df87b69497f67e98d64b831a36ab87c2d08de","modified_time":"2026-04-19T10:05:37Z"},{"import_time":"2026-04-19T10:18:16.178877915Z","versions":["99.9.9"],"source":"ossf-package-analysis","sha256":"e3ecc98f82852dad8bcdbbc67b59bf72262cc47704cae977675af25e065970e5","modified_time":"2026-04-19T09:55:46Z"},{"import_time":"2026-04-19T17:15:44.46251823Z","versions":["99.12.9"],"source":"ossf-package-analysis","sha256":"80e8b3d6f0d3e01f2f0c8640a9cb2c21f8f6d47e8b29821d8753a8ce5724afa3","modified_time":"2026-04-19T17:00:53Z"},{"import_time":"2026-04-23T20:49:04.740689426Z","versions":["99.10.9","99.9.9","99.12.9"],"source":"amazon-inspector","sha256":"b5c7279d5c84c989a0deef7944c5d1d22b89651bdc01da8fc5144622a8fc74cb","modified_time":"2026-04-23T20:43:56Z"}]},"affected":[{"package":{"name":"vinext-monorepo","ecosystem":"npm","purl":"pkg:npm/vinext-monorepo"},"versions":["99.10.9","99.9.9","99.12.9"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/vinext-monorepo/MAL-2026-2861.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}