{"id":"MAL-2026-2874","summary":"Malicious code in unisys-agentic-ai-playground (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (13ec6c43f5a186c6e78aca52041174240070088e17078f1bcb9f63ac0d55f5f0)\nThe package unisys-agentic-ai-playground was found to contain malicious code.\n\n## Source: ossf-package-analysis (b3c6ad275dea5349905eb0d48b04201592c9fb1b7643417f1fed5b63da4c5ac9)\nThe OpenSSF Package Analysis project identified 'unisys-agentic-ai-playground' @ 99.99.2 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2026-04-23T21:18:47.760844Z","published":"2026-04-11T21:54:25Z","database_specific":{"malicious-packages-origins":[{"versions":["99.99.2"],"sha256":"b3c6ad275dea5349905eb0d48b04201592c9fb1b7643417f1fed5b63da4c5ac9","source":"ossf-package-analysis","import_time":"2026-04-20T00:43:17.748269697Z","modified_time":"2026-04-11T21:54:25Z"},{"versions":["99.99.2"],"sha256":"13ec6c43f5a186c6e78aca52041174240070088e17078f1bcb9f63ac0d55f5f0","source":"amazon-inspector","import_time":"2026-04-23T20:49:01.793061149Z","modified_time":"2026-04-23T20:43:56Z"}]},"affected":[{"package":{"name":"unisys-agentic-ai-playground","ecosystem":"npm","purl":"pkg:npm/unisys-agentic-ai-playground"},"versions":["99.99.2"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/unisys-agentic-ai-playground/MAL-2026-2874.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}