{"id":"MAL-2026-2872","summary":"Malicious code in ts-form-helpers (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (8f2ff1bf87164fdeb2ca9c37d578f7156164a344ffd11bcdb84ce34880358fea)\nThe package ts-form-helpers was found to contain malicious code.\n\n## Source: ossf-package-analysis (03c4b487f2e5dc4371e52ec785f67e4136f90bdc76b4d606d5b5b35144efe923)\nThe OpenSSF Package Analysis project identified 'ts-form-helpers' @ 1.0.18 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2026-04-23T21:18:26.954013Z","published":"2026-04-11T14:19:50Z","database_specific":{"malicious-packages-origins":[{"source":"ossf-package-analysis","sha256":"03c4b487f2e5dc4371e52ec785f67e4136f90bdc76b4d606d5b5b35144efe923","versions":["1.0.18"],"modified_time":"2026-04-12T01:03:18Z","import_time":"2026-04-20T00:43:17.371109645Z"},{"source":"ossf-package-analysis","sha256":"0c314d26df0c2daea5f69869dbb4b1959738d2873570f7e027f6350faf9a0786","versions":["1.0.13"],"modified_time":"2026-04-11T20:29:16Z","import_time":"2026-04-20T00:43:16.967682737Z"},{"source":"ossf-package-analysis","sha256":"90abb53d102a0c368314be204c03f283f3e54d0fd792679f2e0019cd79f08c1f","versions":["1.0.10"],"modified_time":"2026-04-11T19:29:46Z","import_time":"2026-04-20T00:43:16.65297946Z"},{"source":"ossf-package-analysis","sha256":"92661520265b266a63bb83aadd1a3c9400ac1dcfb640d8dfb8b1122fe46bedbf","versions":["1.0.2"],"modified_time":"2026-04-11T14:19:50Z","import_time":"2026-04-20T00:43:15.77933224Z"},{"source":"ossf-package-analysis","sha256":"bf77b5d83fbfb16ddd9cac5fcfb5dc0e715a4bbb3c4cc351e49906d09ee92764","versions":["1.0.16"],"modified_time":"2026-04-11T23:35:41Z","import_time":"2026-04-20T00:43:17.167483226Z"},{"source":"ossf-package-analysis","sha256":"1aa47687404163838140764087de91930e8bdb0fd7d00c08ab75a674456c505b","versions":["1.0.7"],"modified_time":"2026-04-11T18:26:51Z","import_time":"2026-04-20T00:43:16.444594565Z"},{"source":"ossf-package-analysis","sha256":"bcb126288f47f8bb0fd5197879fa01fd64e775d279a3ca662450030a0dc998db","versions":["1.0.9"],"modified_time":"2026-04-11T19:20:55Z","import_time":"2026-04-20T00:43:16.54490758Z"},{"source":"ossf-package-analysis","sha256":"43946e88377c56bb8ef8e37cee38ccb875164cbf924ee69ddd1cf6382de11520","versions":["1.0.11"],"modified_time":"2026-04-11T19:45:23Z","import_time":"2026-04-20T00:43:16.755920281Z"},{"source":"ossf-package-analysis","sha256":"53a68de24f292b0872d2be6d02dc83cb667f7d91a39410de43e5bcac5cf07d15","versions":["1.0.12"],"modified_time":"2026-04-11T20:10:43Z","import_time":"2026-04-20T00:43:16.861330397Z"},{"source":"ossf-package-analysis","sha256":"5e57c38d30ad43e284f27321e5f92270205f0419b02b43a22c2c62c1ae0994f9","versions":["1.0.1"],"modified_time":"2026-04-11T14:39:09Z","import_time":"2026-04-20T00:43:16.089083843Z"},{"source":"ossf-package-analysis","sha256":"843fcd3bd5be9b4334b1cced2bd896f1e34c6855979dc2e47bb2b3ccf746da48","versions":["1.0.6"],"modified_time":"2026-04-11T15:03:51Z","import_time":"2026-04-20T00:43:16.311327892Z"},{"source":"ossf-package-analysis","sha256":"ac3a22d5b0392c96b73e7703507748438bd423812b133c4d6ac566a6ffa5ff10","versions":["1.0.5"],"modified_time":"2026-04-11T14:35:37Z","import_time":"2026-04-20T00:43:15.991357981Z"},{"source":"ossf-package-analysis","sha256":"ce1d349f2b5bf175488006f4761309c092e8fed24e6428514e5c87f74154797d","versions":["1.0.3"],"modified_time":"2026-04-11T14:21:17Z","import_time":"2026-04-20T00:43:15.870337808Z"},{"source":"ossf-package-analysis","sha256":"fac138f8c03eace59fc49d61ae383155af4b82963d9cc29d5085d6cdfb6b31c5","versions":["1.0.15"],"modified_time":"2026-04-11T22:15:14Z","import_time":"2026-04-20T00:43:17.066973838Z"},{"source":"ossf-package-analysis","sha256":"a9f421ecc63fb7d76fde7b8e0f9ee85d74092f82f3aed33cab67e45e218c65b0","versions":["1.0.17"],"modified_time":"2026-04-12T00:08:44Z","import_time":"2026-04-20T00:43:17.270613774Z"},{"source":"ossf-package-analysis","sha256":"de6fa1ca65abdc6b7d0ffcd9aee006dbb164de70ad1e0cd604a4ec5ae7bcfdf4","versions":["1.0.4"],"modified_time":"2026-04-11T14:52:58Z","import_time":"2026-04-20T00:43:16.206330354Z"},{"source":"amazon-inspector","sha256":"8f2ff1bf87164fdeb2ca9c37d578f7156164a344ffd11bcdb84ce34880358fea","versions":["1.0.18","1.0.13","1.0.10","1.0.2","1.0.16","1.0.7","1.0.9","1.0.11","1.0.12","1.0.1","1.0.6","1.0.5","1.0.3","1.0.15","1.0.17","1.0.4"],"modified_time":"2026-04-23T20:43:56Z","import_time":"2026-04-23T20:49:02.13912721Z"}]},"affected":[{"package":{"name":"ts-form-helpers","ecosystem":"npm","purl":"pkg:npm/ts-form-helpers"},"versions":["1.0.18","1.0.13","1.0.10","1.0.2","1.0.16","1.0.7","1.0.9","1.0.11","1.0.12","1.0.1","1.0.6","1.0.5","1.0.3","1.0.15","1.0.17","1.0.4"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/ts-form-helpers/MAL-2026-2872.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}