{"id":"MAL-2026-3077","summary":"Malicious code in axis-charts (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (b2948113b9e8ba2a0eaf9f07de49e63efdcdb91450acb69c6e5c9da9e2f982eb)\nThe package axis-charts was found to contain malicious code.\n\n## Source: ossf-package-analysis (0666841b4aa80a91cf700f9a144dee8d0ed1788bd7156ffd56d4f9d5e19317e4)\nThe OpenSSF Package Analysis project identified 'axis-charts' @ 99.99.99 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2026-05-05T00:07:14.411022Z","published":"2026-04-25T09:45:42Z","database_specific":{"malicious-packages-origins":[{"sha256":"e632b4790bf81c7aa68d7d36ac159fc5c0bf4f61366cb65c765ddfca5764873e","source":"ossf-package-analysis","import_time":"2026-04-27T01:40:40.08190925Z","versions":["1.0.0"],"modified_time":"2026-04-25T09:45:42Z"},{"sha256":"b2948113b9e8ba2a0eaf9f07de49e63efdcdb91450acb69c6e5c9da9e2f982eb","source":"amazon-inspector","import_time":"2026-04-30T22:23:11.825435542Z","versions":["1.0.0"],"modified_time":"2026-04-30T21:59:18Z"},{"sha256":"0666841b4aa80a91cf700f9a144dee8d0ed1788bd7156ffd56d4f9d5e19317e4","source":"ossf-package-analysis","import_time":"2026-05-04T03:13:23.417823878Z","versions":["99.99.99"],"modified_time":"2026-05-03T12:37:25Z"},{"sha256":"027326d21c9edfc1a1fe7e86151361f49add590d73ec8541d8ba2350b31f1536","source":"ossf-package-analysis","import_time":"2026-05-04T23:49:27.81196622Z","versions":["100.0.0"],"modified_time":"2026-05-04T13:30:50Z"}]},"affected":[{"package":{"name":"axis-charts","ecosystem":"npm","purl":"pkg:npm/axis-charts"},"versions":["1.0.0","99.99.99","100.0.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/axis-charts/MAL-2026-3077.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}