{"id":"MAL-2026-3029","summary":"Malicious code in eth-logger (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (843cae77c9aaf84bef1b7d5e46e27795d5203d2959a39b2797f0e1248b4995c7)\nThe package eth-logger was found to contain malicious code.\n\n## Source: ossf-package-analysis (028addf545d834096a4443644415ea2ec422310d4e413d6ded00fb87fdd4d74f)\nThe OpenSSF Package Analysis project identified 'eth-logger' @ 4.3.21 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2026-05-12T07:56:44.682455Z","published":"2026-04-23T07:27:12Z","database_specific":{"malicious-packages-origins":[{"versions":["4.3.21"],"modified_time":"2026-04-23T07:46:14Z","import_time":"2026-04-24T06:46:17.336014851Z","sha256":"028addf545d834096a4443644415ea2ec422310d4e413d6ded00fb87fdd4d74f","source":"ossf-package-analysis"},{"versions":["4.3.20"],"modified_time":"2026-04-23T07:27:12Z","import_time":"2026-04-24T06:46:17.093010097Z","sha256":"834f2df77f9e1df7adc62cd44dad73791aba5e7043373b2c5258691014b42e5d","source":"ossf-package-analysis"},{"versions":["4.3.21","4.3.20"],"modified_time":"2026-05-12T06:53:21Z","import_time":"2026-05-12T07:28:51.297397086Z","sha256":"843cae77c9aaf84bef1b7d5e46e27795d5203d2959a39b2797f0e1248b4995c7","source":"amazon-inspector"}]},"affected":[{"package":{"name":"eth-logger","ecosystem":"npm","purl":"pkg:npm/eth-logger"},"versions":["4.3.21","4.3.20"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/eth-logger/MAL-2026-3029.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}