{"id":"MAL-2026-3080","summary":"Malicious code in frank-bot-gogle-cloning (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (44bf385867bdd18d9634c115e9e423146f198038e6fdb1d6dca9c95743f3af4b)\nThe package frank-bot-gogle-cloning was found to contain malicious code.\n\n## Source: ossf-package-analysis (49dddf11519659e89469fd400ecad5f7975ea44b898a3cdb5647d0042168e8b7)\nThe OpenSSF Package Analysis project identified 'frank-bot-gogle-cloning' @ 1.1.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2026-04-30T23:10:02.408049Z","published":"2026-04-26T15:17:51Z","database_specific":{"malicious-packages-origins":[{"source":"ossf-package-analysis","versions":["1.1.0"],"sha256":"49dddf11519659e89469fd400ecad5f7975ea44b898a3cdb5647d0042168e8b7","modified_time":"2026-04-26T15:17:51Z","import_time":"2026-04-27T01:40:42.219705356Z"},{"source":"amazon-inspector","versions":["1.1.0"],"sha256":"44bf385867bdd18d9634c115e9e423146f198038e6fdb1d6dca9c95743f3af4b","modified_time":"2026-04-30T21:59:18Z","import_time":"2026-04-30T22:23:15.041139797Z"}]},"affected":[{"package":{"name":"frank-bot-gogle-cloning","ecosystem":"npm","purl":"pkg:npm/frank-bot-gogle-cloning"},"versions":["1.1.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/frank-bot-gogle-cloning/MAL-2026-3080.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}