{"id":"MAL-2026-3030","summary":"Malicious code in model-poc-suhail (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (cab4accb7cb3b74a34df44b1ed7fa1e62726ff3e5ee8fb562dd0d65754dc61b7)\nThe OpenSSF Package Analysis project identified 'model-poc-suhail' @ 1.0.5 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n","modified":"2026-04-24T21:32:50.256725Z","published":"2026-04-24T15:35:46Z","database_specific":{"malicious-packages-origins":[{"sha256":"cab4accb7cb3b74a34df44b1ed7fa1e62726ff3e5ee8fb562dd0d65754dc61b7","import_time":"2026-04-24T15:57:24.067198042Z","source":"ossf-package-analysis","versions":["1.0.5"],"modified_time":"2026-04-24T15:41:05Z"},{"sha256":"ecf450cd351c9f286061d8f191775dace36b71de22f106431e243bb7b03a8fc9","import_time":"2026-04-24T15:57:23.932504498Z","source":"ossf-package-analysis","versions":["1.0.4"],"modified_time":"2026-04-24T15:35:46Z"},{"sha256":"9b067f8988092b4bb6bfc9eaa2c0ccbb07c138292472b678c06bfbfb41859269","import_time":"2026-04-24T21:21:00.746579063Z","source":"ossf-package-analysis","versions":["1.0.9"],"modified_time":"2026-04-24T21:13:34Z"}]},"affected":[{"package":{"name":"model-poc-suhail","ecosystem":"npm","purl":"pkg:npm/model-poc-suhail"},"versions":["1.0.5","1.0.4","1.0.9"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/model-poc-suhail/MAL-2026-3030.json"}}],"schema_version":"1.7.5","credits":[{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}