{"id":"MAL-2026-3147","summary":"Malicious code in coinmate-typescript-client (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (fbfed1f09c009e285a20b7f2914257795846bf558a735467cb742ab4bc53165b)\nThe package coinmate-typescript-client was found to contain malicious code.\n\n## Source: ossf-package-analysis (6948d3a04db0cd4d3fccc7478ed34991379556660af69fcbabaf3a4c640690e0)\nThe OpenSSF Package Analysis project identified 'coinmate-typescript-client' @ 99.0.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n","modified":"2026-04-30T23:10:00.806607Z","published":"2026-04-29T06:50:48Z","database_specific":{"malicious-packages-origins":[{"import_time":"2026-04-29T07:19:29.381388582Z","modified_time":"2026-04-29T06:50:48Z","versions":["99.0.0"],"source":"ossf-package-analysis","sha256":"6948d3a04db0cd4d3fccc7478ed34991379556660af69fcbabaf3a4c640690e0"},{"import_time":"2026-04-30T22:23:12.432126479Z","modified_time":"2026-04-30T21:59:18Z","versions":["99.0.0"],"source":"amazon-inspector","sha256":"fbfed1f09c009e285a20b7f2914257795846bf558a735467cb742ab4bc53165b"}]},"affected":[{"package":{"name":"coinmate-typescript-client","ecosystem":"npm","purl":"pkg:npm/coinmate-typescript-client"},"versions":["99.0.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/coinmate-typescript-client/MAL-2026-3147.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}